CVE-2026-29509 | wummel patool up to 4.0.4 Archive py_tarfile.py safe_extract path traversal (EUVD-2026-39879)
A vulnerability marked as critical has been reported in wummel patool up to 4.0.4. This vulnerability affects the function safe_extract in the library patoolib/programs/py_tarfile.py of the component Archive Handler. The manipulation leads to path traversal.
This vulnerability is traded as CVE-2026-29509. It is possible to initiate the attack remotely. There is no exploit available.
It is suggested to upgrade the affected component.