A vulnerability, which was classified as critical , was found in Python CPython up to 3.14.x . Impacted is the function tarfile.extractall of the component Link Handler . Such manipulation leads to path traversal. This vulnerability is traded as CVE-2026-7774 . The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.