=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN171
_____________________________________________________________________

DATE                : 16/02/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Unstructured versions prior to 0.18.18.

=====================================================================
https://github.com/Unstructured-IO/unstructured/security/advisories/GHSA-gm8q-m8mv-jj5m
_____________________________________________________________________


Path Traversal via Malicious MSG Attachment Allows Arbitrary File Write
Critical
william-u10d published GHSA-gm8q-m8mv-jj5m Feb 3, 2026

Package
unstructured (pip)

Affected versions
<= 0.18.17

Patched versions
0.18.18


Description

A path traversal vulnerability in the partition_msg function allows an
attacker to write or overwrite arbitrary files on the filesystem when
processing malicious MSG files with attachments.

Impact

An attacker can craft a malicious .msg file with attachment filenames
containing path traversal sequences (e.g., ../../../etc/cron.d/malicious).
When processed with process_attachments=True, the library writes the
attachment to an attacker-controlled path, potentially leading to:

    Arbitrary file overwrite
    Remote code execution (via overwriting configuration files, cron
    jobs, or Python packages)
    Data corruption
    Denial of service

Affected Functionality

The vulnerability affects the MSG file partitioning functionality when
process_attachments=True is enabled.

Vulnerability Details

The library does not sanitize attachment filenames in MSG files before
using them in file write operations, allowing directory traversal
sequences to escape the intended output directory.

Workarounds

Until patched, users can:

    Set process_attachments=False when processing untrusted MSG files
    Avoid processing MSG files from untrusted sources
    Implement additional filename validation before processing
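
The third workaround in practice: an added example (not code from the
Unstructured project or from the advisory) that screens MSG attachment
names before any file is written. The function names, the output
directory and the sample attachment names are constructed for
illustration; it refuses any name that is not a bare file name and then
verifies the resolved write path is a direct child of the output directory.

```python
from __future__ import annotations

import logging
from pathlib import Path, PureWindowsPath

log = logging.getLogger("msg-attachments")


def sanitize_attachment_name(filename: str) -> str:
    """Return the name if it is a bare file name, else raise ValueError.

    Rejects empty names, NUL bytes, absolute paths, drive letters and any
    directory component ('/' or '\\' separated), so a name such as
    '../../../etc/cron.d/malicious' can never leave the output directory.
    """
    if not filename or "\x00" in filename:
        raise ValueError("empty or NUL-containing attachment name")
    # MSG files usually originate on Windows, so treat both separators alike.
    name = PureWindowsPath(filename.replace("/", "\\")).name
    if name in ("", ".", ".."):
        raise ValueError(f"no usable basename in {filename!r}")
    if name != filename:
        # Refuse rather than silently strip, so traversal attempts stay visible.
        raise ValueError(f"path components in attachment name {filename!r}")
    return name


def safe_attachment_path(output_dir: str, filename: str) -> Path:
    """Build the write path and confirm it is a direct child of output_dir."""
    base = Path(output_dir).resolve()
    target = (base / sanitize_attachment_name(filename)).resolve()
    if target.parent != base:
        raise ValueError(f"{target} escapes {base}")
    return target


def screen_attachments(output_dir: str, names: list[str]) -> tuple[list[str], list[str]]:
    """Split attachment names into those safe to write and those to reject."""
    accepted, rejected = [], []
    for name in names:
        try:
            safe_attachment_path(output_dir, name)
            accepted.append(name)
        except ValueError as exc:
            log.warning("rejected attachment: %s", exc)
            rejected.append(name)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample names, including the traversal string from the advisory.
    sample = ["invoice.pdf", "../../../etc/cron.d/malicious",
              "..\\..\\evil.py", "/etc/passwd", "C:report.txt", "..", ""]
    print(screen_attachments("attachments_out", sample))
```

Run the screen over the attachment names a parser reports before letting
any of them reach a write call; only names in the accepted list are passed on.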

Severity
Critical
9.8 / 10

CVSS v3 base metrics
Attack vector      : Network
Attack complexity  : Low
Privileges required: None
User interaction   : None
Scope              : Unchanged
Confidentiality    : High
Integrity          : High
Availability       : High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE ID
CVE-2025-64712

Weaknesses
Weakness CWE-22
Weakness CWE-73
=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================