diff --git a/Doc/library/shutil.rst b/Doc/library/shutil.rst index 22d6dba9e1a9c6..6a856c32a6c4e7 100644 --- a/Doc/library/shutil.rst +++ b/Doc/library/shutil.rst @@ -657,6 +657,13 @@ provided. They rely on the :mod:`zipfile` and :mod:`tarfile` modules. registered for that extension. In case none is found, a :exc:`ValueError` is raised. + .. warning:: + + Never extract archives from untrusted sources without prior inspection. + It is possible that files are created outside of *path*, e.g. members + that have absolute filenames starting with ``"/"`` or filenames with two + dots ``".."``. + .. audit-event:: shutil.unpack_archive filename,extract_dir,format shutil.unpack_archive .. versionchanged:: 3.7 diff --git a/Misc/ACKS b/Misc/ACKS index 23c92abb4d02a7..0b9230f4f7936d 100644 --- a/Misc/ACKS +++ b/Misc/ACKS @@ -1727,6 +1727,7 @@ Andrew Svetlov Paul Swartz Dennis Sweeney Al Sweigart +Christopher Swenson Sviatoslav Sydorenko Thenault Sylvain Péter Szabó diff --git a/Misc/NEWS.d/next/Security/2021-10-22-19-07-53.bpo-20749.hi0GfC.rst b/Misc/NEWS.d/next/Security/2021-10-22-19-07-53.bpo-20749.hi0GfC.rst new file mode 100644 index 00000000000000..f1a9537a666195 --- /dev/null +++ b/Misc/NEWS.d/next/Security/2021-10-22-19-07-53.bpo-20749.hi0GfC.rst @@ -0,0 +1,2 @@ +Copied security warning from :func:`tarfile.extractall()` to +:func:`shutil.unpack_archive()`.
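Review bot: In the Doc/library/shutil.rst hunk the new warning states the risk in terms of member names (absolute paths starting with ``"/"`` and ``".."`` components) but gives the reader no pointer to where the behaviour is actually specified; since the surrounding context says :func:`shutil.unpack_archive` only dispatches to :mod:`zipfile` and :mod:`tarfile`, and the NEWS entry says the text was copied from :func:`tarfile.extractall`, add a cross-reference so the reader lands on the full discussion, e.g. "See the warning in :func:`tarfile.extractall` for details." The phrase "filenames with two dots ``".."``" is also ambiguous (a name like ``a..b`` is harmless); "filenames containing a ``".."`` path component" says what is meant.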
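Review bot: The new Misc/NEWS.d entry is filed under the Security directory although the patch touches only Doc/library/shutil.rst and Misc/ACKS, so Documentation is the more accurate category for the blurb; as written it also reads as a description of the edit rather than of what users gain. Suggest rewording along the lines of "Add a security warning to :func:`shutil.unpack_archive` about extracting archives from untrusted sources, mirroring the one in :func:`tarfile.extractall`." and dropping the trailing ``()`` inside the :func: roles, which the other roles in this diff (:mod:`zipfile`, :exc:`ValueError`) do not use.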