{"id":"USN-7999-1","summary":"python-filelock vulnerabilities","details":"It was discovered that Filelock incorrectly handled symlinks in temp files.\nA local attacker could possibly use this issue to cause lock operations to\nfail or behave unexpectedly. (CVE-2026-22701)\n\nIt was discovered that the file locking implementation in the Filelock\npackage contained a race condition. A local attacker could possibly use\nthis to cause a denial of service or corrupt arbitrary user files.\n(CVE-2025-68146)","modified":"2026-04-27T18:34:35.689086Z","published":"2026-02-02T20:26:28Z","related":["UBUNTU-CVE-2025-68146","UBUNTU-CVE-2026-22701"],"upstream":["CVE-2025-68146","CVE-2026-22701","UBUNTU-CVE-2025-68146","UBUNTU-CVE-2026-22701"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7999-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-68146"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-22701"}],"affected":[{"package":{"name":"python-filelock","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/python-filelock@3.0.4-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.4-1ubuntu0.1~esm1"}]}],"versions":["2.0.11-1","2.0.12-1","2.0.13-1","3.0.0-2","3.0.3-1","3.0.4-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"python-filelock","binary_version":"3.0.4-1ubuntu0.1~esm1"},{"binary_name":"python3-filelock","binary_version":"3.0.4-1ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7999-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[{"id":"CVE-2025-68146","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-22701","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]}}},{"package":{"name":"python-filelock","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/python-filelock@3.0.12-2ubuntu0.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.12-2ubuntu0.1~esm1"}]}],"versions":["3.0.12-1","3.0.12-2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"python3-filelock","binary_version":"3.0.12-2ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7999-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:20.04:LTS","cves":[{"id":"CVE-2025-68146","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-22701","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]}}},{"package":{"name":"python-filelock","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/python-filelock@3.6.0-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6.0-1ubuntu0.1~esm1"}]}],"versions":["3.0.12-2","3.3.2-1","3.4.0-1","3.4.2-1","3.4.2-2","3.6.0-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"python3-filelock","binary_version":"3.6.0-1ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7999-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:22.04:LTS","cves":[{"id":"CVE-2025-68146","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-22701","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]}}},{"package":{"name":"python-filelock","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/python-filelock@3.13.1-1ubuntu0.1~esm1?arch=source&distro=esm-apps/noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.13.1-1ubuntu0.1~esm1"}]}],"versions":["3.12.2-1","3.12.4-1","3.13.1-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"python3-filelock","binary_version":"3.13.1-1ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7999-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:24.04:LTS","cves":[{"id":"CVE-2025-68146","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-22701","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]}}}],"schema_version":"1.7.5"}