CVE-2026-3479
LOW
2,1
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
Description
AI Translation Available
pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.
22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
StableCommon Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Modify Files Or Directories
Read Files Or Directories
Dos: Crash, Exit, Or Restart
Applicable Platforms
Technologies:
AI/ML
https://github.com/python/cpython/issues/146121
https://github.com/python/cpython/pull/146122
https://mail.python.org/archives/list/[email protected]/thread/WYLLV…