FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the download_and_copy() function within hopper/setup.py that extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can pre-plant a symlink in the predictable cache directory to redirect extracted binaries to an attacker-chosen location, enabling arbitrary file write with victim privileges during build time.
Metrics
Affected Vendors & Products
References
History
Tue, 14 Jul 2026 00:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Dao-ailab
Dao-ailab flash-attention |
|
| Vendors & Products |
Dao-ailab
Dao-ailab flash-attention |
Mon, 13 Jul 2026 21:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the download_and_copy() function within hopper/setup.py that extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can pre-plant a symlink in the predictable cache directory to redirect extracted binaries to an attacker-chosen location, enabling arbitrary file write with victim privileges during build time. | |
| Title | FlashAttention Symlink Attack via tarfile.extractall in hopper/setup.py | |
| Weaknesses | CWE-59 | |
| References |
|
|
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published: 2026-07-13T21:03:32.262Z
Updated: 2026-07-13T21:03:32.262Z
Reserved: 2026-07-13T16:41:09.007Z
Link: CVE-2026-62239
No data.
No data.
No data.