A high-severity vulnerability (CVE-2026-11940) has been identified in Python's CPython tarfile module that allows for directory traversal during archive extraction, enabling attackers to read or write files outside the intended directory. It has a CVSS score of 7.8 and could lead to overwriting critical system files or data theft. The vulnerability affects the `tarfile.extractall()` function and circumvents previous security measures.
Users are advised to update their Python environments to the latest patched release immediately and to avoid extracting untrusted tar archives until the update is applied. No exploitation in the wild has been confirmed so far.
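The advisory describes the weakness only at the level of "directory traversal during `extractall()`". As an added, defender-side example (this is not code from the advisory or from CPython, and it is not a fix for CVE-2026-11940; updating remains the required action), the following script shows the independent pre-extraction audit a practitioner can wrap around `tarfile`: every member's final path and link target is resolved against the destination before anything is written, absolute names and members resolving outside the destination are rejected, and the archive is refused as a whole if any member fails. Extraction then uses the `filter="data"` argument from PEP 706 where the interpreter provides it. The function names (`member_problems`, `audit_archive`, `safe_extract`, `run_demo`) and the in-memory tar fixtures are constructed for this example.

```python
import io
import os
import tarfile
import tempfile


def member_problems(member: tarfile.TarInfo, dest: str) -> list:
    """Return the reasons this member must not be extracted into dest ([] if it looks safe)."""
    dest_real = os.path.realpath(dest)
    problems = []
    name = member.name
    # Absolute member names would ignore dest entirely.
    if os.path.isabs(name) or name.startswith(("/", "\\")):
        problems.append("absolute path")
        name = name.lstrip("/\\")
    # Resolve the final on-disk location and require it to stay under dest.
    target = os.path.realpath(os.path.join(dest_real, name))
    if os.path.commonpath([dest_real, target]) != dest_real:
        problems.append("path escapes destination")
    # Links: the target must also resolve inside dest (symlink targets are
    # relative to the member's directory, hard link targets to the archive root).
    if member.issym() or member.islnk():
        link = member.linkname
        if os.path.isabs(link) or link.startswith(("/", "\\")):
            problems.append("absolute link target")
        else:
            base = os.path.dirname(name) if member.issym() else ""
            link_target = os.path.realpath(os.path.join(dest_real, base, link))
            if os.path.commonpath([dest_real, link_target]) != dest_real:
                problems.append("link target escapes destination")
    if not (member.isfile() or member.isdir() or member.issym() or member.islnk()):
        problems.append("special file (device/fifo)")
    return problems


def audit_archive(data: bytes, dest: str) -> dict:
    """Map offending member names to their problems; {} means nothing was flagged."""
    findings = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar.getmembers():
            p = member_problems(m, dest)
            if p:
                findings[m.name] = p
    return findings


def safe_extract(data: bytes, dest: str) -> list:
    """Refuse the whole archive if any member is flagged; otherwise extract and list names."""
    findings = audit_archive(data, dest)
    if findings:
        raise ValueError(f"refusing to extract: {findings}")
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        if hasattr(tarfile, "data_filter"):
            # PEP 706 filter (3.12+, backported to 3.8.17/3.9.17/3.10.12/3.11.4):
            # re-checks each member at write time, so symlinks created by earlier
            # members of the same archive are taken into account.
            tar.extractall(dest, filter="data")
        else:
            tar.extractall(dest)
        return [m.name for m in tar.getmembers()]


def build_tar(entries) -> bytes:
    """Build an in-memory tar from (name, content_bytes_or_None, symlink_target_or_None)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, content, linkname in entries:
            info = tarfile.TarInfo(name)
            if linkname is not None:
                info.type = tarfile.SYMTYPE
                info.linkname = linkname
                tar.addfile(info)
            else:
                info.size = len(content)
                tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


# Constructed fixtures: one clean archive, one containing the member shapes the audit must flag.
CLEAN_TAR = build_tar([("docs/readme.txt", b"hello\n", None)])
SUSPECT_TAR = build_tar([
    ("docs/readme.txt", b"hello\n", None),
    ("../outside.txt", b"escaped\n", None),
    ("/abs/outside.txt", b"escaped\n", None),
    ("docs/link", None, "../../outside_dir"),
])


def run_demo() -> dict:
    """Audit both fixtures in a scratch directory and report what happened."""
    with tempfile.TemporaryDirectory() as dest:
        clean = audit_archive(CLEAN_TAR, dest)
        suspect = audit_archive(SUSPECT_TAR, dest)
        extracted = safe_extract(CLEAN_TAR, dest)
        try:
            safe_extract(SUSPECT_TAR, dest)
            refused = False
        except ValueError:
            refused = True
        written = os.path.isfile(os.path.join(dest, "docs", "readme.txt"))
    return {"clean": clean, "suspect": suspect, "extracted": extracted,
            "refused": refused, "written": written}


if __name__ == "__main__":
    print(run_demo())
```

The static audit and the runtime filter are deliberately both present: the audit lets a service reject and log a hostile archive before touching the filesystem, while the filter catches cases a static pass cannot see, such as a symlink written by an earlier member redirecting a later one. Neither replaces the version update the advisory calls for.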