diff --git a/python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.ql b/python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.ql
index d9c5ffd6f76..052ca3e5d98 100644
--- a/python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.ql
+++ b/python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.ql
@@ -28,12 +28,17 @@ class UnsafeUnpackingConfig extends TaintTracking::Configuration {
 // A source coming from a remote location
 exists(Http::Client::Request request | source = request)
 or
- //A source coming from a CLI argparse module
- exists(Node o, API::Node ap, MethodCallNode args |
- ap = API::moduleImport("argparse").getMember("ArgumentParser").getACall().getReturn() and
- args = ap.getMember("parse_args").getACall() and
- args.flowsTo(o) and
- source.(AttrRead).accesses(o, any(string s))
+ // A source coming from a CLI argparse module
+ // see argparse: https://docs.python.org/3/library/argparse.html
+ exists(MethodCallNode args |
+ args = source.(AttrRead).getObject().getALocalSource() and
+ args =
+ API::moduleImport("argparse")
+ .getMember("ArgumentParser")
+ .getACall()
+ .getReturn()
+ .getMember("parse_args")
+ .getACall()
 )
 or
 // A source catching an S3 filename download
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-022/UnsafeUnpack.py b/python/ql/test/experimental/query-tests/Security/CWE-022/UnsafeUnpack.py
index 8386f2770b5..eb0ac597a1a 100644
--- a/python/ql/test/experimental/query-tests/Security/CWE-022/UnsafeUnpack.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-022/UnsafeUnpack.py
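Review bot: The new `args = source.(AttrRead).getObject().getALocalSource()` line restricts the argparse source to intra-procedural flow, whereas the removed `args.flowsTo(o)` also carried the `parse_args()` result across calls, so an attribute read on a parsed-args object that was handed to a helper function no longer qualifies as a source. If that narrowing is intended it deserves a comment above the `exists`, e.g. `// only local flow from parse_args() is recognised; an args object passed to another function is not a source here`. If it is not intended, the API graph already models the returned object, so binding `source` to a use of `.getReturn().getMember("parse_args").getACall().getReturn().getAMember()` (the accessor that turns an API node into a data-flow node depends on the API-graph version in this tree) would keep the inter-procedural cases without the separate local-source equation. The enclosing predicate (presumably `isSource`, since `source` is bound outside the hunk) starts and ends outside this hunk.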
@@ -87,3 +87,17 @@ shutil.unpack_archive(compressed_file, base_dir) # $result=BAD
 # download(url) returns filename
 compressed_file = wget.download(url)
 shutil.unpack_archive(compressed_file, base_dir) # $result=BAD
+
+
+# A source coming from a CLI argparse module
+# see argparse: https://docs.python.org/3/library/argparse.html
+import argparse
+
+parser = argparse.ArgumentParser(description='Process some integers.')
+parser.add_argument('integers', metavar='N', type=int, nargs='+',
+ help='an integer for the accumulator')
+parser.add_argument('filename', help='filename to be provided')
+
+args = parser.parse_args()
+compressed_file = args.filename
+shutil.unpack_archive(compressed_file, base_dir) # $result=BAD
\ No newline at end of file
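Review bot: The added case only covers the straight-line shape where `args.filename` is read in the same scope as `parser.parse_args()`, which is exactly what the query hunk now matches through `getALocalSource()`; nothing exercises a parsed-args object passed to a helper and read there, so the change from the previous `flowsTo`-based source goes untested in either direction. A second case such as `def unpack_args(parsed): shutil.unpack_archive(parsed.filename, base_dir)` followed by `unpack_args(parser.parse_args())`, annotated with whichever result is intended, would pin that behaviour down. The file also now ends without a trailing newline (`\ No newline at end of file`), which is worth restoring before merge.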