JustAppSec

Poetry patches wheel path traversal enabling arbitrary file write

1 min read. Published 02 Apr 2026. Updated 02 Apr 2026. Source: CVEProject (cvelistV5)

TL;DR — A path traversal in poetry's wheel installation (CVE-2026-34591, fixed in 2.3.3) lets crafted wheel entries escape the install root and write arbitrary files, with the installer's privileges, during dependency installation.

What happened

poetry is a widely used Python dependency and packaging manager, commonly run on developer workstations and in CI pipelines to resolve and install project dependencies.

CVE-2026-34591 describes a path traversal in poetry's wheel installer: a crafted wheel can contain entries whose names include ../ segments, and poetry writes them to disk without checking that the resolved destination stays inside the install root. The result is an arbitrary file write with the privileges of the poetry process, so what the primitive can reach depends on which files that user can write. The CVE record rates the issue high because it is reachable from untrusted package artifacts during a normal install, and clarifies that installing a malicious wheel is not, by itself, sufficient for code execution unless the installed package is later imported or invoked.
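The mechanism in miniature, as an added example that is not poetry's code and not taken from the CVE record: a wheel is a zip archive, so the script below builds a constructed wheel containing one benign module and one hypothetical entry named ../escaped.txt, then installs it twice. naive_install mirrors the unsafe pattern (join the entry name onto the install root and write), while contained_install resolves every destination first and refuses the whole wheel if any entry lands outside the root. All file names here are made up for the demonstration.

```python
import io
import os
import tempfile
import zipfile
from pathlib import Path


def build_sample_wheel() -> bytes:
    """Constructed sample wheel: one benign module and one hostile entry.

    The hostile name is a hypothetical instance of the pattern the CVE
    describes, not an entry taken from any real package.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo_pkg/__init__.py", "VERSION = '0.0.1'\n")
        zf.writestr("../escaped.txt", "written one level above the install root\n")
    return buf.getvalue()


def unsafe_entries(wheel_bytes: bytes, install_root: str) -> list[str]:
    """Return the entry names that would resolve outside install_root.

    Resolving (root / name) collapses '..' segments; because joining an
    absolute path replaces the root, absolute entry names are caught too.
    """
    root = Path(install_root).resolve()
    flagged = []
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        for name in zf.namelist():
            dest = (root / name).resolve()
            if dest != root and root not in dest.parents:
                flagged.append(name)
    return flagged


def naive_install(wheel_bytes: bytes, install_root: str) -> list[str]:
    """The vulnerable pattern: trust the entry name, join, write.

    Returns the absolute paths it wrote so the caller can see the escape.
    """
    written = []
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            dest = os.path.abspath(os.path.join(install_root, info.filename))
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            with open(dest, "wb") as fh:
                fh.write(zf.read(info))
            written.append(dest)
    return written


def contained_install(wheel_bytes: bytes, install_root: str) -> list[str]:
    """The hardened pattern: validate every entry before writing anything."""
    bad = unsafe_entries(wheel_bytes, install_root)
    if bad:
        raise ValueError(f"wheel entries escape the install root: {bad}")
    root = Path(install_root).resolve()
    written = []
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            dest = (root / info.filename).resolve()
            dest.parent.mkdir(parents=True, exist_ok=True)
            dest.write_bytes(zf.read(info))
            written.append(str(dest))
    return written


def demo() -> dict:
    """Run both installers against the sample wheel in a scratch directory."""
    wheel = build_sample_wheel()
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "site-packages")
        os.makedirs(root)
        flagged = unsafe_entries(wheel, root)
        naive_paths = naive_install(wheel, root)
        prefix = os.path.abspath(root) + os.sep
        escaped = [p for p in naive_paths if not p.startswith(prefix)]
        try:
            contained_install(wheel, root)
            refused = False
        except ValueError:
            refused = True
    return {"flagged": flagged, "escaped_writes": escaped, "contained_refused": refused}


if __name__ == "__main__":
    print(demo())
```

The naive function writes entries itself rather than calling ZipFile.extractall, which in CPython already strips '..' components; the point is the missing containment check, not any particular API. The same unsafe_entries check can be run over a wheel cache or artifact store before anything is installed.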

Severity is CVSS v4.0 7.1 (High). Install-time file write primitives in dependency managers are a recurring supply-chain failure mode because they turn “fetch and install dependencies” into a filesystem write gadget inside privileged build and release environments.

Who is impacted

  • Projects and CI systems running poetry in the affected range.
  • Highest risk where dependency artifacts can be influenced by untrusted sources (e.g., compromised packages, poisoned mirrors, or untrusted registries).
Component   Affected versions (per CVE record)   Patched versions (per CVE record)
poetry      >= 1.4.0, < 2.3.3                    2.3.3

What to do now

  • Follow vendor remediation guidance and apply the latest patched release available at the time of writing.
    • "This issue has been patched in version 2.3.3."

  • Inventory where poetry runs in production build systems (CI runners, release pipelines, build containers) and confirm deployed versions.
  • Treat this as a supply-chain hardening trigger: review how wheel artifacts are sourced (indexes/mirrors) and ensure builds don’t silently consume unexpected or untrusted package sources.
  • If compromise is suspected, review recent dependency install activity and investigate filesystem changes in build environments consistent with writes outside the intended install target (for example, unexpected files in the parent directories of the virtualenv or site-packages path).
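The version gate a CI job would run for the inventory step above, as an added example that is not the advisory's or poetry's own code: it parses the output of poetry --version and classifies it against the range the CVE record gives. It assumes the command prints "Poetry (version X.Y.Z)"; the sample strings in the test are constructed. A pre-release suffix (2.3.3rc1) is deliberately treated as still affected, since only the released fix counts as patched.

```python
import re
import subprocess

# Range from the CVE record: affected >= 1.4.0, < 2.3.3; first fixed release 2.3.3.
# The fourth element is 1 for a final release, 0 for a pre-release.
AFFECTED_FROM = (1, 4, 0, 1)
FIXED_IN = (2, 3, 3, 1)

# Matches 'Poetry (version 2.3.2)' as well as a bare '2.3.2' or '2.3.3rc1'.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([A-Za-z][\w.]*)?")


def parse_poetry_version(text: str) -> tuple[int, int, int, int]:
    """Return a comparable key (major, minor, patch, final).

    'final' is 0 when a pre-release suffix follows the numeric triple, so
    2.3.3rc1 sorts below 2.3.3 and is still inside the affected range.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch), 0 if suffix else 1)


def is_affected(text: str) -> bool:
    """True when the version found in text lies in the affected range."""
    return AFFECTED_FROM <= parse_poetry_version(text) < FIXED_IN


def check_installed_poetry() -> tuple[str, bool]:
    """Ask the poetry on PATH for its version and classify it.

    Assumes 'poetry --version' prints 'Poetry (version X.Y.Z)' on stdout.
    """
    proc = subprocess.run(
        ["poetry", "--version"], capture_output=True, text=True, check=True
    )
    return proc.stdout.strip(), is_affected(proc.stdout)


if __name__ == "__main__":
    version, affected = check_installed_poetry()
    print(version, "AFFECTED by CVE-2026-34591" if affected else "not in affected range")
    raise SystemExit(1 if affected else 0)
```

Run it as a pipeline step with a non-zero exit on an affected version; the same functions can be pointed at the version strings recorded in build images or runner inventories.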

Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly; send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.
