CVE-2026-34591: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in python-poetry poetry
Poetry is a dependency manager for Python. From version 1.4.0 to before version 2.3.3, a crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, allowing arbitrary file write with the privileges of the Poetry process. It is reachable from untrusted package artifacts during normal install flows. (Normally, installing a malicious wheel is not sufficient for execution of malicious code. Malicious code will only be executed after installation if the malicious package is imported or invoked by the user.) This issue has been patched in version 2.3.3.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2026-34591 affects the python-poetry dependency manager, specifically versions from 1.4.0 up to but not including 2.3.3. Poetry is widely used in the Python ecosystem to manage project dependencies and package installation. The flaw is a classic path traversal (CWE-22) issue where crafted wheel packages can include file paths containing '../' sequences. When Poetry extracts these wheel files during installation, it fails to properly sanitize or restrict these paths, allowing files to be written outside the intended directory structure. This arbitrary file write occurs with the privileges of the Poetry process, which typically runs with user-level permissions. The attack vector involves an attacker publishing or providing a malicious wheel package that, when installed by a user, causes files to be written to arbitrary locations on disk. Although the vulnerability allows file write, it does not directly lead to code execution unless the malicious package is subsequently imported or executed by the user, which requires user interaction. The vulnerability is reachable during normal install flows from untrusted package artifacts, making it a significant risk, especially in environments where package sources are not strictly controlled. The issue was publicly disclosed on April 2, 2026, and patched in Poetry version 2.3.3. The CVSS v4.0 base score is 7.1, reflecting high severity due to the network attack vector, no privileges required, and no user interaction needed to trigger the file write, while code execution still requires user interaction. No known exploits have been reported in the wild as of now.
Potential Impact
This vulnerability can lead to arbitrary file write on systems where vulnerable Poetry versions are used, potentially allowing attackers to overwrite critical files, place malicious scripts, or modify configuration files. The impact depends on the privileges of the Poetry process and the files targeted by the attacker. In multi-user or shared environments, this could lead to privilege escalation or persistent compromise if sensitive files are overwritten. Although direct code execution is not immediate, the ability to write arbitrary files can facilitate further attacks such as planting backdoors or modifying environment settings. Organizations relying on Poetry for dependency management, especially in automated CI/CD pipelines or developer workstations, face risks of supply chain compromise and lateral movement if malicious packages are installed. The vulnerability undermines the integrity of the software supply chain and can lead to data breaches, service disruption, or system compromise if exploited in targeted attacks.
Mitigation Recommendations
Upgrade all Poetry installations to version 2.3.3 or later, where the vulnerability is patched. Implement strict controls on package sources by using trusted repositories and verifying package signatures or hashes before installation. Employ network and endpoint security controls to detect and block installation of suspicious or unverified packages. Use containerization or sandboxing for build and deployment environments to limit the impact of potential arbitrary file writes. Monitor file system changes in directories used by Poetry during package installation to detect anomalous writes. Educate developers and DevOps teams about the risks of installing packages from untrusted sources and encourage the use of dependency scanning tools. For environments where immediate upgrade is not feasible, consider restricting write permissions on directories that Poetry uses to prevent unauthorized file writes. Regularly audit installed packages and their origins to identify potentially malicious artifacts.
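As an added defender-side illustration (not Poetry's code and not the fix it shipped in 2.3.3), the check below shows the containment test an installer needs when unpacking a wheel, which is the control the flaw described above lacks: every member's destination is resolved and rejected unless it stays under the target directory. The in-memory wheel, the `demo` package and the `../escaped.txt` member are constructed here for the demonstration.

```python
import io
import os
import tempfile
import zipfile
from pathlib import Path


def build_sample_wheel() -> bytes:
    """Construct (in memory) a wheel-like zip with one benign member and one
    member whose name climbs out of the extraction directory. Constructed
    sample for this example, not a real package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo/__init__.py", "VERSION = '0.0'\n")
        zf.writestr("../escaped.txt", "would land outside site-packages\n")
    return buf.getvalue()


def safe_extract(wheel_bytes: bytes, dest: Path) -> tuple[list[str], list[str]]:
    """Extract members only if their resolved path stays inside dest.
    Returns (extracted names, rejected names)."""
    dest = dest.resolve()
    extracted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            # Absolute paths and drive letters never belong in a wheel.
            if os.path.isabs(name) or os.path.splitdrive(name)[0]:
                rejected.append(name)
                continue
            target = (dest / name).resolve()
            # Containment check: target must be dest itself or beneath it.
            if target != dest and dest not in target.parents:
                rejected.append(name)
                continue
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            extracted.append(name)
    return extracted, rejected


def demo() -> tuple[list[str], list[str], bool]:
    """Unpack the sample wheel into a throwaway site-packages directory and
    report whether the traversal member reached the parent directory."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp) / "site-packages"
        site.mkdir()
        extracted, rejected = safe_extract(build_sample_wheel(), site)
        escaped = (Path(tmp) / "escaped.txt").exists()
    return extracted, rejected, escaped
```

The check resolves paths lexically before writing; a symlink already present under the destination would need a separate check if untrusted content could create one first.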
Affected Countries
United States, Germany, United Kingdom, France, Japan, China, India, Canada, Australia, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-30T17:15:52.499Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69cead0fe6bfc5ba1df180a7
Added to database: 4/2/2026, 5:53:19 PM
Last enriched: 4/2/2026, 6:08:56 PM
Last updated: 4/3/2026, 5:55:33 AM