Cyber Posture

CVE-2026-23949

Severity: High · Public PoC referenced

Published: 20 January 2026
Modified: 11 March 2026
KEV Added: not listed
Patch: available (version 6.1.0)
CVSS Score: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
EPSS Score: 0.0009 (25.5th percentile)
Risk Priority: 17 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-23949 is a high-severity Path Traversal (CWE-22) vulnerability in jaraco.context (vendor: jaraco). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Ingress Tool Transfer (T1105). The CVE is ranked at the 25.5th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Ingress Tool Transfer (T1105) and one other technique, Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): requires organizations to identify, report, and correct software flaws such as the path traversal vulnerability in the jaraco.context tarball function by applying patches, here by upgrading to version 6.1.0.

SI-10 Information Input Validation (prevent): mandates validation of untrusted inputs such as file paths in tar archives to block directory traversal sequences like ../ that allow extraction outside the intended directory.

SI-15 Information Output Filtering (prevent): implements filtering of output paths during tar extraction to sanitize traversal payloads like dummy_dir/../../etc/passwd, preventing writes to sensitive locations.

MITRE ATT&CK Enterprise Techniques

T1105 Ingress Tool Transfer (Command and Control): adversaries may transfer tools or other files from an external system into a compromised environment.

T1190 Exploit Public-Facing Application (Initial Access): adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Path traversal in tar extraction directly enables arbitrary file write from untrusted archives (Ingress Tool Transfer) and remote exploitation of exposed applications processing such input.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the `jaraco.context.tarball()` function starting in version 5.2.0 and prior to version 6.1.0. The vulnerability may allow attackers to extract files outside the intended extraction directory when malicious tar archives are processed. The strip_first_component filter splits the path on the first `/` and extracts the second component, while allowing `../` sequences. Paths like `dummy_dir/../../etc/passwd` become `../../etc/passwd`. Note that this suffers from a nested tarball attack as well with multi-level tar files such as `dummy_dir/inner.tar.gz`, where the inner.tar.gz includes a traversal `dummy_dir/../../config/.env` that also gets translated to `../../config/.env`. Version 6.1.0 contains a patch for the issue.

Deeper analysis

CVE-2026-23949 is a Zip Slip path traversal vulnerability (CWE-22) in the `jaraco.context.tarball()` function of the open-source Python package jaraco.context, which provides decorators and context managers. The issue affects versions starting from 5.2.0 up to but not including 6.1.0. The `strip_first_component` filter in the function splits paths on the first `/` and strips only the initial component, failing to block `../` sequences, such as in paths like `dummy_dir/../../etc/passwd` that resolve to `../../etc/passwd`. This also enables nested tarball attacks, where multi-level tar files like `dummy_dir/inner.tar.gz` containing traversals such as `dummy_dir/../../config/.env` similarly resolve to `../../config/.env`. The vulnerability is also present in the vendored copy of jaraco.context within setuptools at `_vendor/jaraco/context.py`.

Attackers can exploit this vulnerability remotely with low complexity and no privileges or user interaction required (CVSSv3.1: 8.6/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). Any untrusted input processed by the `tarball()` function, such as malicious tar archives provided over the network, allows extraction of files outside the intended directory. This leads to high confidentiality impacts across the scope, enabling unauthorized access to sensitive files like `/etc/passwd` or application configurations.

The GitHub security advisory (GHSA-58pv-8j8x-9vj2) and patch commit (7b26a42b525735e4085d2e994e13802ea339d5f9) confirm that version 6.1.0 resolves the issue by addressing the path traversal logic in `jaraco/context/__init__.py`. Users should upgrade to jaraco.context 6.1.0 or later and review vendored instances in dependencies like setuptools for mitigation.
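The NVD description and the analysis above both come down to one missing check: after the leading path component is stripped, nothing verifies that the remainder still resolves inside the extraction directory, and the same gap repeats for any archive nested inside the first. The following is an added example, not jaraco.context's own code or its patch: `strip_first_component` reproduces the stripping behaviour the advisory describes, `safe_target` is an assumed hardening that normalises the remainder and confirms the real path stays under the destination, and `extract_stripped` applies that check to every member, including the nested archive. The sample archive is constructed in memory for the demonstration and uses the member names from the advisory.

```python
import io
import os
import posixpath
import tarfile
import tempfile
from typing import Dict, List, Optional, Tuple


def strip_first_component(name: str) -> str:
    """Drop everything up to and including the first '/' of a member name.

    Mirrors the 'strip the leading directory' behaviour the advisory describes;
    on its own it does nothing about '..' segments in what remains.
    """
    _head, sep, tail = name.partition("/")
    return tail if sep else ""


def safe_target(name: str, dest: str) -> Optional[str]:
    """Resolve a stripped member name under dest, or None if it would escape.

    Assumed hardening added for this example (not the library's code): absolute
    names and normalised paths that still begin with '..' are rejected, and the
    final real path must lie inside dest.
    """
    rel = strip_first_component(name)
    if not rel or rel.startswith("/") or os.path.isabs(rel):
        return None
    norm = posixpath.normpath(rel)  # collapses './' and 'a/../' segments
    if norm == ".." or norm.startswith("../"):
        return None
    dest_abs = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_abs, *norm.split("/")))
    if os.path.commonpath([dest_abs, target]) != dest_abs:
        return None
    return target


def audit_members(tar: tarfile.TarFile, dest: str) -> Dict[str, Optional[str]]:
    """Map each member name to its resolved target (None = rejected), writing nothing."""
    return {m.name: safe_target(m.name, dest) if m.isfile() else None
            for m in tar.getmembers()}


def extract_stripped(tar: tarfile.TarFile, dest: str) -> List[str]:
    """Extract only regular files whose target stays inside dest; return paths written.

    Symlink, hard-link and device members are skipped outright: a link member
    can point outside dest even when its own name is clean.
    """
    written = []
    for member in tar.getmembers():
        if not member.isfile():
            continue
        target = safe_target(member.name, dest)
        if target is None:
            continue  # traversal or escape: drop the member, never write it
        os.makedirs(os.path.dirname(target), exist_ok=True)
        src = tar.extractfile(member)
        with open(target, "wb") as out:
            out.write(src.read())
        written.append(target)
    return written


def build_sample_archive() -> bytes:
    """Constructed sample: a clean file, a traversal member, and a nested archive
    whose own member also traverses (the multi-level case from the advisory)."""
    def add(tar: tarfile.TarFile, name: str, data: bytes) -> None:
        info = tarfile.TarInfo(name)
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))

    inner = io.BytesIO()
    with tarfile.open(fileobj=inner, mode="w") as t:
        add(t, "dummy_dir/../../config/.env", b"SECRET=constructed\n")
    outer = io.BytesIO()
    with tarfile.open(fileobj=outer, mode="w") as t:
        add(t, "dummy_dir/README.md", b"hello\n")
        add(t, "dummy_dir/../../etc/passwd", b"constructed sample content\n")
        add(t, "dummy_dir/inner.tar", inner.getvalue())
    return outer.getvalue()


def demo() -> Tuple[List[str], List[str]]:
    """Extract the sample, then run the same filter over the nested archive.

    Returns (files written from the outer archive, files written from the inner
    archive) as paths relative to the extraction directory.
    """
    with tempfile.TemporaryDirectory() as dest:
        dest_real = os.path.realpath(dest)
        with tarfile.open(fileobj=io.BytesIO(build_sample_archive()), mode="r") as t:
            outer_written = extract_stripped(t, dest)
        # The nested archive must go through exactly the same check.
        with tarfile.open(os.path.join(dest_real, "inner.tar"), mode="r") as t:
            inner_written = extract_stripped(t, dest)
        to_rel = lambda paths: sorted(os.path.relpath(p, dest_real) for p in paths)
        return to_rel(outer_written), to_rel(inner_written)


if __name__ == "__main__":
    print(demo())
```

Running `demo()` writes only `README.md` and `inner.tar` from the outer archive and nothing from the inner one, because both `dummy_dir/../../etc/passwd` and the nested `dummy_dir/../../config/.env` still begin with `..` after stripping and are rejected before any write. `audit_members` gives the same verdicts without extracting, which is the form a detection or pre-flight scan would use. The real-path containment check at the end of `safe_target` is deliberate belt-and-braces: it also catches escapes through symlinked directories that a purely string-based `..` check would miss.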

Details

CWE(s): CWE-22 (Path Traversal)

Affected Products

Vendor: jaraco
Product: jaraco.context
Versions: 5.2.0 and later, prior to 6.1.0

CVEs Like This One

CVE-2026-39308 (shared CWE-22)
CVE-2026-7398 (shared CWE-22)
CVE-2026-27969 (shared CWE-22)
CVE-2026-41180 (shared CWE-22)
CVE-2026-32055 (shared CWE-22)
CVE-2026-21878 (shared CWE-22)
CVE-2026-29870 (shared CWE-22)
CVE-2024-48884 (shared CWE-22)
CVE-2026-5027 (shared CWE-22)
CVE-2026-3795 (shared CWE-22)
