A vulnerability marked as critical has been reported in wummel patool up to 4.0.4 . This vulnerability affects the function safe_extract in the library patoolib/programs/py_tarfile.py of the component Archive Handler . The manipulation leads to path traversal. This vulnerability is traded as CVE-2026-29509 . It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.