1. CVE-2026-41140: Poetry 2.3.4 Patches Critical Path Traversal Vulnerability in Tar Extraction
Poetry, the widely adopted Python dependency management tool, has released version 2.3.4 to address a critical path traversal vulnerability in its tar extraction functionality. Tracked as CVE-2026-41140, the security flaw allows an attacker to write files to arbitrary locations on a system during package installation, ...