pypi py7zr 1.1.3
Release version 1.1.3: Fix multiple vulnerabilities

3 hours ago
  • CVE-2026-23879: Arbitrary File Write Vulnerability in py7zr (high severity)
    • Hardened the path traversal check and enhanced the test cases to reproduce many attack scenarios.
  • CVE-2026-55206: O(n^2) algorithmic complexity DoS in PackInfo._read() in py7zr
    • Enforced a limit on the variation of the parameter and optimized the calculation algorithm to prevent excessive CPU consumption.
  • CVE-2026-55195: py7zr <= 1.1.2: Decompression bomb (zip bomb) denial of service via unchecked extraction size
    • Added a check of the extraction size and introduced max_extract_size as a constructor parameter to guard against excessive decompression.
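
The two extraction-side checks named above (path traversal and total extraction size), sketched as a caller-side guard over an archive listing. This is an added example, not py7zr's code: `check_listing`, `UnsafeArchive` and the `(name, declared_size)` input shape are hypothetical, and the sample listing is constructed.

```python
import os
from pathlib import PurePosixPath, PureWindowsPath


class UnsafeArchive(Exception):
    """Raised when an archive listing fails a pre-extraction check."""


def check_listing(entries, dest_dir, max_total_bytes):
    """Validate (name, declared_size) pairs before anything is written.

    Returns the resolved target paths, or raises UnsafeArchive.
    """
    dest = os.path.realpath(dest_dir)
    total = 0
    targets = []
    for name, size in entries:
        win = PureWindowsPath(name)
        # Reject absolute names in POSIX or Windows form, and drive-relative names.
        if PurePosixPath(name).is_absolute() or win.is_absolute() or win.drive:
            raise UnsafeArchive(f"absolute path: {name!r}")
        # Treat backslashes as separators, then resolve against the destination.
        # realpath() collapses ".." and follows symlinks already on disk.
        target = os.path.realpath(os.path.join(dest, name.replace("\\", "/")))
        if os.path.commonpath([dest, target]) != dest:
            raise UnsafeArchive(f"escapes destination: {name!r}")
        if size < 0:
            raise UnsafeArchive(f"negative size for {name!r}")
        # Cap the running total so a decompression bomb is refused up front.
        total += size
        if total > max_total_bytes:
            raise UnsafeArchive(f"declared size exceeds {max_total_bytes} bytes")
        targets.append(target)
    return targets


if __name__ == "__main__":
    # Constructed listing: one benign member, one traversal attempt.
    listing = [("docs/readme.txt", 1200), ("docs/../../etc/cron.d/job", 40)]
    try:
        check_listing(listing, "out", max_total_bytes=10_000_000)
    except UnsafeArchive as exc:
        print("refused:", exc)
```

The size check here relies on sizes declared in the listing, so it complements rather than replaces a limit enforced during decompression.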
