diff --git a/src/pyhf/contrib/utils.py b/src/pyhf/contrib/utils.py
index 079bc55db9..6e1a0784e7 100644
--- a/src/pyhf/contrib/utils.py
+++ b/src/pyhf/contrib/utils.py
@@ -91,7 +91,12 @@ def download(archive_url, output_directory, force=False, compress=False):
                     with tarfile.open(
                         mode="r:*", fileobj=BytesIO(response.content)
                     ) as archive:
-                        archive.extractall(output_directory)
+                        # TODO: Simplify after pyhf is Python 3.12+ only
+                        # c.f. https://docs.python.org/3.12/library/tarfile.html#extraction-filters
+                        if hasattr(tarfile, "data_filter"):
+                            archive.extractall(output_directory, filter="data")
+                        else:
+                            archive.extractall(output_directory)
                 except tarfile.ReadError:
                     if not zipfile.is_zipfile(BytesIO(response.content)):
                         raise exceptions.InvalidArchive(