python-poetry allows malicious wheel files to write to disk
SUSE-SU-2026:1220-1
Summary
A security update for python-poetry fixes a vulnerability that could let an attacker write malicious files to your computer if they trick you into installing a specially crafted software package. This update ensures that python-poetry checks the files it installs more carefully. Update to the latest version to protect your system.
Original title
Security update for python-poetry
Original description
This update for python-poetry fixes the following issue:
- CVE-2026-34591: From version 1.4.0 to before version 2.3.3, a crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, allowing arbitrary file write (bsc#1261383).
- Vendor Advisory: https://www.suse.com/support/update/announcement/2026/suse-su-20261220-1/
- Third Party Advisory: https://bugzilla.suse.com/1261383
- https://www.suse.com/security/cve/CVE-2026-34591
Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 10 Apr 2026
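The kind of containment check the description says was missing, shown as an added example: it is not Poetry's code or the upstream fix. The function names, the target directory and the in-memory sample archive are constructed for illustration.

```python
import io
import zipfile
from pathlib import Path, PurePosixPath


def escapes_target(member: str, target: Path) -> bool:
    """True if writing archive member `member` under `target` would land outside it."""
    name = member.replace("\\", "/")  # treat Windows separators as separators
    # Absolute paths and drive-letter prefixes are rejected outright (conservative).
    if PurePosixPath(name).is_absolute() or (len(name) > 1 and name[1] == ":"):
        return True
    root = target.resolve()
    dest = (root / name).resolve()  # collapses any ../ segments
    return not dest.is_relative_to(root)  # Python 3.9+


def audit_wheel(wheel, target: Path) -> list[str]:
    """Return the member names that would escape `target`; an empty list means contained."""
    with zipfile.ZipFile(wheel) as zf:
        return [n for n in zf.namelist() if escapes_target(n, target)]


def build_sample_wheel(names) -> io.BytesIO:
    """Constructed in-memory archive, used only to exercise the audit."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"")
    buf.seek(0)
    return buf


SAMPLE_NAMES = [  # constructed sample, not taken from any real package
    "demo/__init__.py",
    "demo/sub/../ok.py",          # stays inside the target after normalisation
    "demo-1.0.dist-info/RECORD",
    "../outside.pth",             # climbs above the target
    "demo/../../outside.txt",     # climbs above the target from a subdirectory
]

if __name__ == "__main__":
    target = Path("/tmp/site-packages")  # assumed install directory
    for name in audit_wheel(build_sample_wheel(SAMPLE_NAMES), target):
        print("refuse to install, member escapes target:", name)
```

Running `audit_wheel` on a downloaded `.whl` before installation with an unpatched version flags such entries without extracting anything.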