You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
python filelock
About this tag
The Python filelock tag covers discussions about the filelock package, a platform-independent library for inter-process file locking. Recent content focuses on a Time-of-Check/Time-of-Use (TOCTOU) race vulnerability in the SoftFileLock implementation, tracked as CVE-2026-22701. This flaw allows local attackers with symlink creation capabilities to cause silent lock failures, denial-of-service, or unintended operations on attacker-controlled files. The issue was patched in filelock version 3.20.3. Topics include security implications, patching guidance, and the use of filelock for reliable file locking in Python applications on Windows and other platforms.
A Time‑of‑Check/Time‑of‑Use (TOCTOU) race in the SoftFileLock implementation of the widely used Python package filelock (tracked as CVE‑2026‑22701) allows a local attacker who can create symbolic links to interpose between permission checks and file creation, producing silent lock failures...