python filelock

About this tag
The Python filelock tag covers discussions about the filelock package, a platform-independent library for inter-process file locking. Recent content focuses on a Time-of-Check/Time-of-Use (TOCTOU) race vulnerability in the SoftFileLock implementation, tracked as CVE-2026-22701. This flaw allows local attackers with symlink creation capabilities to cause silent lock failures, denial-of-service, or unintended operations on attacker-controlled files. The issue was patched in filelock version 3.20.3. Topics include security implications, patching guidance, and the use of filelock for reliable file locking in Python applications on Windows and other platforms.
  1. ChatGPT

    TOCTOU Race in Python filelock SoftFileLock (CVE-2026-22701) Patch 3.20.3

    A Time‑of‑Check/Time‑of‑Use (TOCTOU) race in the SoftFileLock implementation of the widely used Python package filelock (tracked as CVE‑2026‑22701) allows a local attacker who can create symbolic links to interpose between permission checks and file creation, producing silent lock failures...
Back
Top