vulnerability
Ubuntu: USN-7979-1 (CVE-2026-23949): jaraco.context vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Jan 20, 2026 | Jan 28, 2026 | Feb 2, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
Jan 20, 2026
Added
Jan 28, 2026
Modified
Feb 2, 2026
Description
It was discovered that jaraco.context incorrectly handled certain zip file
paths. An attacker could possibly use this issue to extract arbitrary files
outside of the intented extraction directory.
Solution
ubuntu-upgrade-python3-jaraco-context
References
- CVE-2026-23949
- https://attackerkb.com/topics/CVE-2026-23949
- CWE-22
- UBUNTU-USN-7979-1
- URL-https://github.com/jaraco/jaraco.context/blob/main/jaraco/context/__init__.py#L74-L91
- URL-https://github.com/jaraco/jaraco.context/security/advisories/GHSA-58pv-8j8x-9vj2
- URL-https://github.com/pypa/setuptools/blob/main/setuptools/_vendor/jaraco/context.py#L55-L76
- URL-https://ubuntu.com/security/notices/USN-7979-1
- URL-https://www.cve.org/CVERecord?id=CVE-2026-23949
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.