CVE-2026-62239 | Dao-AILab FlashAttention up to 2.8.3.post1 Archive Extraction hopper/setup.py download_and_copy symlink

SecurityVulns

A vulnerability, which was classified as problematic, was found in Dao-AILab FlashAttention up to 2.8.3.post1. Affected by this issue is the function download_and_copy of the file hopper/setup.py of the component Archive Extraction. Such manipulation leads to symlink following.

This vulnerability is referenced as CVE-2026-62239. The attack can only be performed from a local environment. No exploit is available.VulDB Recent EntriesRead More