PYSEC-2026-2071

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/zenml/PYSEC-2026-2071.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-2071
Aliases
Published
2026-07-07T16:03:06.450033Z
Modified
2026-07-07T17:48:17.160627575Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
ZenML is vulnerable to Path Traversal through its `PathMaterializer` class
Details

ZenML version 0.83.1 is affected by a path traversal vulnerability in the PathMaterializer class. The load function uses is_path_within_directory to validate files during data.tar.gz extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file writes, potentially resulting in arbitrary command execution if critical files are overwritten.

References

Affected packages

PyPI / zenml

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.81.0
Fixed
0.84.2

Affected versions

0.*
0.81.0
0.82.0
0.82.1
0.83.0
0.83.1
0.84.0
0.84.1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/zenml/PYSEC-2026-2071.yaml"