CVE-2026-5271 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory. As a result, if a us…
Medium CVSS: 5.6

CVE-2026-5271

pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory. As a result, if a user executes a pymanager-generated command (e.g., pip, pytest)
from an attacker-controlled directory, a malicious module in that
directory can be imported and executed instead of the intended package.
Vendor
-
Product
-
CWE
CWE-427
Yayın Tarihi
2026-04-01 14:16:59
Güncelleme
2026-04-02 00:16:24
Source Identifier
cna@python.org
KEV Date Added
-

Kategoriler

CWE-427 MEDIUM 2026

Referanslar

https://github.com/python/pymanager/security/advisories/GHSA-jr5x-hgm4-rrm6 http://www.openwall.com/lists/oss-security/2026/04/01/5 https://github.com/python/pymanager/security/advisories/GHSA-jr5x-hgm4-rrm6