Intel

AIKIDO-2026-387269

kagglehub is vulnerable to Path Traversal

Path Traversal Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Jul 1, 2026

53

Medium Risk

This Affects:

PYTHONkagglehub
0.2.6 - 1.0.1
Fixed in 1.0.2
Are you affected? Scan for Free

TL;DR

kagglehub downloads model and dataset archives and unpacks them in _extract_archive inside http_resolver.py. For tar archives the library calls extractall without an extraction filter, so member paths and symlinks are not validated against the destination directory. A crafted tar archive served as a Kaggle resource can write files outside the intended extraction directory, allowing arbitrary file overwrite on the downloading host. The fix passes filter="data" to extractall so unsafe tar members are rejected during extraction.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and you download and extract tar-based Kaggle resources.

Background info

kagglehub is vulnerable to Path Traversal in versions 0.2.6 - 1.0.1.

How to fix this

Upgrade the kagglehub library to the patch version.