CVE-2026-22701 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2026-22701 Interim 1 1 2026-03-05T00:18:20Z current 2026-03-05T00:18:20Z 2026-03-05T00:18:20Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2026-22701 filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a race condition between the permission validation and file creation to cause lock operations to fail or behave unexpectedly. The vulnerability occurs in the _acquire() method between raise_on_not_writable_file() (permission check) and os.open() (file creation). During this race window, an attacker can create a symlink at the lock file path, potentially causing the lock to operate on an unintended target file or leading to denial of service. This issue has been patched in version 3.20.3. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2026-January/023865.html E-Mail link for SUSE-SU-2026:0220-1 https://lists.suse.com/pipermail/sle-security-updates/2026-January/023987.html E-Mail link for SUSE-SU-2026:0335-1 https://lists.suse.com/pipermail/sle-security-updates/2026-February/024068.html E-Mail link for SUSE-SU-2026:20216-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Container suse/multi-linux-manager/5.1/x86_64/server:5.1.2.8.13.2 Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-5.8 Container suse/sl-micro/6.0/base-os-container:2.1.3-5.8 Container suse/sl-micro/6.0/kvm-os-container:2.1.3-5.8 Container suse/sl-micro/6.0/rt-os-container:2.1.3-6.7 Container suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.2 Container suse/sl-micro/6.1/base-os-container:2.2.1-5.27 Container suse/sl-micro/6.1/kvm-os-container:2.2.1-5.29 Container suse/sl-micro/6.1/rt-os-container:2.2.1-5.14 Image SL-Micro Image SL-Micro-Azure Image SL-Micro-BYOS-Azure Image SL-Micro-BYOS-EC2 Image SL-Micro-BYOS-GCE Image SL-Micro-EC2 Image SLE-Micro Image SLE-Micro-Azure Image SLE-Micro-BYOS Image SLE-Micro-BYOS-Azure Image SLE-Micro-BYOS-EC2 Image SLE-Micro-BYOS-GCE Image SLE-Micro-EC2 Image SLE-Micro-GCE Image SUSE-Multi-Linux-Manager-Proxy-BYOS-Azure Image SUSE-Multi-Linux-Manager-Proxy-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-Azure-llc Image SUSE-Multi-Linux-Manager-Server-Azure-ltd Image SUSE-Multi-Linux-Manager-Server-BYOS-Azure Image SUSE-Multi-Linux-Manager-Server-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-EC2-llc Image SUSE-Multi-Linux-Manager-Server-EC2-ltd Image server-image SUSE Linux Enterprise Module for Development Tools 15 SP7 SUSE Linux Enterprise Module for Python 3 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Module for Development Tools 15 SP7 SUSE Linux Enterprise Module for Python 3 15 SP7 SUSE Linux Enterprise Module for Package Hub 15 SP7 SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server 15 SP4-TERADATA SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Server 15 SP6-LTSS SUSE Linux Enterprise Module for Development Tools 15 SP7 SUSE Linux Enterprise Module for Python 3 15 SP7 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP6 SUSE Linux Enterprise Module for Development Tools 15 SP7 SUSE Linux Enterprise Module for Python 3 15 SP7 SUSE Linux Enterprise Server for SAP applications 16.0 openSUSE Leap 15.6 openSUSE Leap 16.0 openSUSE Tumbleweed dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 e2fsprogs-1.47.0-3.1 libcom_err2-1.47.0-3.1 libext2fs2-1.47.0-3.1 python-filelock python3-filelock python3-filelock-3.0.12-150100.3.9.1 python311-filelock python311-filelock-3.12.2-150400.10.8.1 python311-filelock-3.20.3-1.1 python312-filelock-3.20.3-1.1 python313-filelock-3.18.0-160000.3.1 python313-filelock-3.20.3-1.1 python311-filelock-3.12.2-150400.10.8.1 as a component of Container suse/multi-linux-manager/5.1/x86_64/server:5.1.2.8.13.2 e2fsprogs-1.47.0-3.1 as a component of Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-5.8 libcom_err2-1.47.0-3.1 as a component of Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-5.8 libext2fs2-1.47.0-3.1 as a component of Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-5.8 e2fsprogs-1.47.0-3.1 as a component of Container suse/sl-micro/6.0/base-os-container:2.1.3-5.8 libcom_err2-1.47.0-3.1 as a component of Container suse/sl-micro/6.0/base-os-container:2.1.3-5.8 libext2fs2-1.47.0-3.1 as a component of Container suse/sl-micro/6.0/base-os-container:2.1.3-5.8 e2fsprogs-1.47.0-3.1 as a component of Container suse/sl-micro/6.0/kvm-os-container:2.1.3-5.8 libcom_err2-1.47.0-3.1 as a component of Container suse/sl-micro/6.0/kvm-os-container:2.1.3-5.8 libext2fs2-1.47.0-3.1 as a component of Container suse/sl-micro/6.0/kvm-os-container:2.1.3-5.8 e2fsprogs-1.47.0-3.1 as a component of Container suse/sl-micro/6.0/rt-os-container:2.1.3-6.7 libcom_err2-1.47.0-3.1 as a component of Container suse/sl-micro/6.0/rt-os-container:2.1.3-6.7 libext2fs2-1.47.0-3.1 as a component of Container suse/sl-micro/6.0/rt-os-container:2.1.3-6.7 dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 as a component of Container suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.2 dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 as a component of Container suse/sl-micro/6.1/base-os-container:2.2.1-5.27 dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 as a component of Container suse/sl-micro/6.1/kvm-os-container:2.2.1-5.29 dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 as a component of Container suse/sl-micro/6.1/rt-os-container:2.2.1-5.14 e2fsprogs-1.47.0-3.1 as a component of Image SL-Micro libcom_err2-1.47.0-3.1 as a component of Image SL-Micro libext2fs2-1.47.0-3.1 as a component of Image SL-Micro dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 as a component of Image SL-Micro-Azure dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 as a component of Image SL-Micro-BYOS-Azure dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 as a component of Image SL-Micro-BYOS-EC2 dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 as a component of Image SL-Micro-BYOS-GCE dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 as a component of Image SL-Micro-EC2 e2fsprogs-1.47.0-3.1 as a component of Image SLE-Micro libcom_err2-1.47.0-3.1 as a component of Image SLE-Micro libext2fs2-1.47.0-3.1 as a component of Image SLE-Micro e2fsprogs-1.47.0-3.1 as a component of Image SLE-Micro-Azure libcom_err2-1.47.0-3.1 as a component of Image SLE-Micro-Azure libext2fs2-1.47.0-3.1 as a component of Image SLE-Micro-Azure e2fsprogs-1.47.0-3.1 as a component of Image SLE-Micro-BYOS libcom_err2-1.47.0-3.1 as a component of Image SLE-Micro-BYOS libext2fs2-1.47.0-3.1 as a component of Image SLE-Micro-BYOS e2fsprogs-1.47.0-3.1 as a component of Image SLE-Micro-BYOS-Azure libcom_err2-1.47.0-3.1 as a component of Image SLE-Micro-BYOS-Azure libext2fs2-1.47.0-3.1 as a component of Image SLE-Micro-BYOS-Azure e2fsprogs-1.47.0-3.1 as a component of Image SLE-Micro-BYOS-EC2 libcom_err2-1.47.0-3.1 as a component of Image SLE-Micro-BYOS-EC2 libext2fs2-1.47.0-3.1 as a component of Image SLE-Micro-BYOS-EC2 e2fsprogs-1.47.0-3.1 as a component of Image SLE-Micro-BYOS-GCE libcom_err2-1.47.0-3.1 as a component of Image SLE-Micro-BYOS-GCE libext2fs2-1.47.0-3.1 as a component of Image SLE-Micro-BYOS-GCE e2fsprogs-1.47.0-3.1 as a component of Image SLE-Micro-EC2 libcom_err2-1.47.0-3.1 as a component of Image SLE-Micro-EC2 libext2fs2-1.47.0-3.1 as a component of Image SLE-Micro-EC2 e2fsprogs-1.47.0-3.1 as a component of Image SLE-Micro-GCE libcom_err2-1.47.0-3.1 as a component of Image SLE-Micro-GCE libext2fs2-1.47.0-3.1 as a component of Image SLE-Micro-GCE dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 as a component of Image SUSE-Multi-Linux-Manager-Proxy-BYOS-Azure dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 as a component of Image SUSE-Multi-Linux-Manager-Proxy-BYOS-EC2 dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 as a component of Image SUSE-Multi-Linux-Manager-Proxy-BYOS-GCE dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 as a component of Image SUSE-Multi-Linux-Manager-Server-Azure-llc dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 as a component of Image SUSE-Multi-Linux-Manager-Server-Azure-ltd dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 as a component of Image SUSE-Multi-Linux-Manager-Server-BYOS-Azure dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 as a component of Image SUSE-Multi-Linux-Manager-Server-BYOS-EC2 dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 as a component of Image SUSE-Multi-Linux-Manager-Server-BYOS-GCE dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 as a component of Image SUSE-Multi-Linux-Manager-Server-EC2-llc dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 as a component of Image SUSE-Multi-Linux-Manager-Server-EC2-ltd python311-filelock-3.12.2-150400.10.8.1 as a component of Image server-image python3-filelock-3.0.12-150100.3.9.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP7 python3-filelock-3.0.12-150100.3.9.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 python311-filelock-3.12.2-150400.10.8.1 as a component of SUSE Linux Enterprise Module for Python 3 15 SP7 python311-filelock-3.12.2-150400.10.8.1 as a component of SUSE Linux Enterprise Server 15 SP4-TERADATA python313-filelock-3.18.0-160000.3.1 as a component of SUSE Linux Enterprise Server 16.0 python313-filelock-3.18.0-160000.3.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 python311-filelock-3.12.2-150400.10.8.1 as a component of openSUSE Leap 15.6 python313-filelock-3.18.0-160000.3.1 as a component of openSUSE Leap 16.0 python311-filelock-3.20.3-1.1 as a component of openSUSE Tumbleweed python312-filelock-3.20.3-1.1 as a component of openSUSE Tumbleweed python313-filelock-3.20.3-1.1 as a component of openSUSE Tumbleweed python313-filelock-3.18.0-160000.3.1 as a component of SUSE Linux Enterprise Server 16.0 python311-filelock as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS python-filelock as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS python311-filelock as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS python-filelock as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS python311-filelock as a component of SUSE Linux Enterprise Server 15 SP4-LTSS python-filelock as a component of SUSE Linux Enterprise Server 15 SP4-LTSS python311-filelock as a component of SUSE Linux Enterprise Server 15 SP5-LTSS python-filelock as a component of SUSE Linux Enterprise Server 15 SP5-LTSS python3-filelock as a component of SUSE Linux Enterprise Server 15 SP6-LTSS python311-filelock as a component of SUSE Linux Enterprise Server 15 SP6-LTSS python-filelock as a component of SUSE Linux Enterprise Server 15 SP6-LTSS python311-filelock as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 python-filelock as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 python311-filelock as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 python-filelock as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 python3-filelock as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP6 python311-filelock as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP6 python-filelock as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP6 filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a race condition between the permission validation and file creation to cause lock operations to fail or behave unexpectedly. The vulnerability occurs in the _acquire() method between raise_on_not_writable_file() (permission check) and os.open() (file creation). During this race window, an attacker can create a symlink at the lock file path, potentially causing the lock to operate on an unintended target file or leading to denial of service. This issue has been patched in version 3.20.3. CVE-2026-22701 Container suse/multi-linux-manager/5.1/x86_64/server:5.1.2.8.13.2:python311-filelock-3.12.2-150400.10.8.1 Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-5.8:e2fsprogs-1.47.0-3.1 Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-5.8:libcom_err2-1.47.0-3.1 Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-5.8:libext2fs2-1.47.0-3.1 Container suse/sl-micro/6.0/base-os-container:2.1.3-5.8:e2fsprogs-1.47.0-3.1 Container suse/sl-micro/6.0/base-os-container:2.1.3-5.8:libcom_err2-1.47.0-3.1 Container suse/sl-micro/6.0/base-os-container:2.1.3-5.8:libext2fs2-1.47.0-3.1 Container suse/sl-micro/6.0/kvm-os-container:2.1.3-5.8:e2fsprogs-1.47.0-3.1 Container suse/sl-micro/6.0/kvm-os-container:2.1.3-5.8:libcom_err2-1.47.0-3.1 Container suse/sl-micro/6.0/kvm-os-container:2.1.3-5.8:libext2fs2-1.47.0-3.1 Container suse/sl-micro/6.0/rt-os-container:2.1.3-6.7:e2fsprogs-1.47.0-3.1 Container suse/sl-micro/6.0/rt-os-container:2.1.3-6.7:libcom_err2-1.47.0-3.1 Container suse/sl-micro/6.0/rt-os-container:2.1.3-6.7:libext2fs2-1.47.0-3.1 Container suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.2:dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 Container suse/sl-micro/6.1/base-os-container:2.2.1-5.27:dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 Container suse/sl-micro/6.1/kvm-os-container:2.2.1-5.29:dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 Container suse/sl-micro/6.1/rt-os-container:2.2.1-5.14:dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 Image SL-Micro:e2fsprogs-1.47.0-3.1 Image SL-Micro:libcom_err2-1.47.0-3.1 Image SL-Micro:libext2fs2-1.47.0-3.1 Image SL-Micro-Azure:dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 Image SL-Micro-BYOS-Azure:dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 Image SL-Micro-BYOS-EC2:dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 Image SL-Micro-BYOS-GCE:dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 Image SL-Micro-EC2:dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 Image SLE-Micro:e2fsprogs-1.47.0-3.1 Image SLE-Micro:libcom_err2-1.47.0-3.1 Image SLE-Micro:libext2fs2-1.47.0-3.1 Image SLE-Micro-Azure:e2fsprogs-1.47.0-3.1 Image SLE-Micro-Azure:libcom_err2-1.47.0-3.1 Image SLE-Micro-Azure:libext2fs2-1.47.0-3.1 Image SLE-Micro-BYOS:e2fsprogs-1.47.0-3.1 Image SLE-Micro-BYOS:libcom_err2-1.47.0-3.1 Image SLE-Micro-BYOS:libext2fs2-1.47.0-3.1 Image SLE-Micro-BYOS-Azure:e2fsprogs-1.47.0-3.1 Image SLE-Micro-BYOS-Azure:libcom_err2-1.47.0-3.1 Image SLE-Micro-BYOS-Azure:libext2fs2-1.47.0-3.1 Image SLE-Micro-BYOS-EC2:e2fsprogs-1.47.0-3.1 Image SLE-Micro-BYOS-EC2:libcom_err2-1.47.0-3.1 Image SLE-Micro-BYOS-EC2:libext2fs2-1.47.0-3.1 Image SLE-Micro-BYOS-GCE:e2fsprogs-1.47.0-3.1 Image SLE-Micro-BYOS-GCE:libcom_err2-1.47.0-3.1 Image SLE-Micro-BYOS-GCE:libext2fs2-1.47.0-3.1 Image SLE-Micro-EC2:e2fsprogs-1.47.0-3.1 Image SLE-Micro-EC2:libcom_err2-1.47.0-3.1 Image SLE-Micro-EC2:libext2fs2-1.47.0-3.1 Image SLE-Micro-GCE:e2fsprogs-1.47.0-3.1 Image SLE-Micro-GCE:libcom_err2-1.47.0-3.1 Image SLE-Micro-GCE:libext2fs2-1.47.0-3.1 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-Azure:dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-EC2:dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-GCE:dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 Image SUSE-Multi-Linux-Manager-Server-Azure-llc:dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 Image SUSE-Multi-Linux-Manager-Server-Azure-ltd:dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 Image SUSE-Multi-Linux-Manager-Server-BYOS-Azure:dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 Image SUSE-Multi-Linux-Manager-Server-BYOS-EC2:dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 Image SUSE-Multi-Linux-Manager-Server-BYOS-GCE:dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 Image SUSE-Multi-Linux-Manager-Server-EC2-llc:dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 Image SUSE-Multi-Linux-Manager-Server-EC2-ltd:dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 Image server-image:python311-filelock-3.12.2-150400.10.8.1 SUSE Linux Enterprise Module for Development Tools 15 SP7:python3-filelock-3.0.12-150100.3.9.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-filelock-3.0.12-150100.3.9.1 SUSE Linux Enterprise Module for Python 3 15 SP7:python311-filelock-3.12.2-150400.10.8.1 SUSE Linux Enterprise Server 15 SP4-TERADATA:python311-filelock-3.12.2-150400.10.8.1 SUSE Linux Enterprise Server 16.0:python313-filelock-3.18.0-160000.3.1 SUSE Linux Enterprise Server for SAP applications 16.0:python313-filelock-3.18.0-160000.3.1 openSUSE Leap 15.6:python311-filelock-3.12.2-150400.10.8.1 openSUSE Leap 16.0:python313-filelock-3.18.0-160000.3.1 openSUSE Tumbleweed:python311-filelock-3.20.3-1.1 openSUSE Tumbleweed:python312-filelock-3.20.3-1.1 openSUSE Tumbleweed:python313-filelock-3.20.3-1.1 SUSE Linux Enterprise Server 16.0:python313-filelock-3.18.0-160000.3.1 moderate 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H