Description

eml_parser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to version 2.0.1, the official example script examples/recursively_extract_attachments.py contains a path traversal vulnerability that allows arbitrary file write outside the intended output directory. Attachment filenames extracted from parsed emails are directly used to construct output file paths without any sanitization, allowing an attacker-controlled filename to escape the target directory. This issue has been patched in version 2.0.1.

INFO

Published Date :

2026-03-07T15:22:43.645Z

Last Modified :

2026-03-09T18:26:58.485Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-29780 vulnerability.

Vendors Products
Govcert-lu
  • Eml Parser
Govcert.lu
  • Eml Parser
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-29780.

URL Resource
https://github.com/GOVCERT-LU/eml_parser/commit/99af03a09a90aaaaadd0ed2ffb5eea46d1ea2cc9 cve-icon cve-icon
https://github.com/GOVCERT-LU/eml_parser/issues/88 cve-icon cve-icon
https://github.com/GOVCERT-LU/eml_parser/security/advisories/GHSA-389r-rccm-h3h5 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact