openSUSE 15.6 python-poetry Vulnerability Allows Arbitrary File Write
Severity: Medium (Score: 57.9)
Sources: Linuxsecurity
Summary
A vulnerability identified as CVE-2026-34591 affects python-poetry versions from 1.4.0 to before 2.3.3. The flaw allows crafted wheels to contain '../' paths that the Poetry tool writes to disk without proper containment checks, leading to arbitrary file writes. This issue impacts users of openSUSE Leap 15.6, where the affected package is python311-poetry version 1.7.1. The vulnerability was published on April 2, 2026, and has been assigned a CVSS score of 7.1, indicating a moderate severity risk. Users are advised to apply the patch provided in the advisory to mitigate the risk. The patch can be installed using SUSE's recommended methods, including YaST online_update or the zypper command. This update is crucial for maintaining system integrity and preventing unauthorized file modifications.
Key Points:
- CVE-2026-34591 allows arbitrary file writes due to improper path handling in python-poetry.
- The vulnerability affects openSUSE Leap 15.6 with python311-poetry versions 1.4.0 to before 2.3.3.
- Users should apply the patch immediately to mitigate potential risks.
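The summary describes a classic archive path-traversal ("zip slip") defect: a wheel is a zip file, and a member name such as '../../target' escapes the extraction directory unless each name is checked for containment before anything is written. The following is an added example, not Poetry's own code or the patch from the advisory; it shows the containment check a wheel installer needs, applied to a constructed in-memory zip (the names, the `build_wheel` helper and the sample entries are all constructed for illustration). The check rejects both a lexical '..' component and any name whose resolved path lands outside the destination, and it refuses the whole archive rather than silently skipping the bad entry.

```python
import io
import tempfile
import zipfile
from pathlib import Path, PurePosixPath


class UnsafeArchiveEntry(ValueError):
    """Raised when an archive member would be written outside the destination."""


def is_contained(dest: Path, member_name: str) -> bool:
    """True only if member_name, joined to dest, resolves strictly inside dest.

    Two independent checks (defence in depth):
      1. lexical: no '..' component, no absolute name, no backslash separators
      2. resolved: the final filesystem path must have dest as an ancestor
    """
    parts = PurePosixPath(member_name).parts
    if not parts or ".." in parts or "\\" in member_name:
        return False
    if PurePosixPath(member_name).is_absolute():
        return False
    root = dest.resolve()
    target = (root / member_name).resolve()
    return root in target.parents


def check_wheel_entries(wheel_bytes: bytes, dest: Path) -> list:
    """Return the member names that would escape dest (empty list means safe)."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        return [name for name in zf.namelist() if not is_contained(dest, name)]


def safe_extract_wheel(wheel_bytes: bytes, dest) -> list:
    """Extract every member, refusing the whole archive if any entry escapes.

    Returns the sorted relative paths of the files actually written.
    """
    dest = Path(dest)
    bad = check_wheel_entries(wheel_bytes, dest)
    if bad:
        raise UnsafeArchiveEntry(f"refusing to extract; traversal entries: {bad}")
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        for info in zf.infolist():
            target = dest / info.filename  # every name was validated above
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
    return sorted(p.relative_to(dest).as_posix() for p in dest.rglob("*") if p.is_file())


def try_extract(wheel_bytes: bytes) -> tuple:
    """Extract into a fresh temporary directory; report ('extracted', files) or
    ('rejected', bad_names) so the outcome can be inspected without exceptions."""
    dest = tempfile.mkdtemp(prefix="wheel-example-")  # constructed scratch location
    try:
        return ("extracted", safe_extract_wheel(wheel_bytes, dest))
    except UnsafeArchiveEntry:
        return ("rejected", check_wheel_entries(wheel_bytes, Path(dest)))


def build_wheel(entries: dict) -> bytes:
    """Constructed sample: build an in-memory zip from {name: bytes}.

    zipfile.writestr stores the member name verbatim, so a '../' name survives,
    which is exactly how a malicious wheel carries a traversal entry.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    benign = build_wheel({"pkg/__init__.py": b"", "pkg/data.txt": b"hello"})
    hostile = build_wheel({"pkg/__init__.py": b"", "../../escaped.txt": b"x"})
    print(try_extract(benign))   # ('extracted', ['pkg/__init__.py', 'pkg/data.txt'])
    print(try_extract(hostile))  # ('rejected', ['../../escaped.txt'])
```

Note that `zipfile.ZipFile.extract` in the standard library already strips traversal components, so the defect is specific to code that computes the output path itself and writes through `open`; the example deliberately writes members by hand to show where the check belongs. Rejecting the entire archive, rather than skipping the offending member, is the safer policy for a package installer: a wheel with a traversal entry is not a partially good package.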
Key Entities
- SuSE (company)
- CVE-2026-34591 (cve)
- OpenSUSE Leap 15.6 (platform)