CVE-2026-8643

Published: Jun 01, 2026 Last Modified: Jun 01, 2026
MEDIUM 4.1
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: active
Confidentiality: N/A
Integrity: N/A
Availability: N/A

Description

pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory.
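An audit check for the condition described above, added here as an example; it is not pip's code and not the fix from the linked pull request. It parses an `entry_points.txt` in the standard INI layout and flags any `console_scripts` or `gui_scripts` name that is not a plain file name resolving directly inside the scripts directory. The helper names, the sample metadata and the `/opt/venv/bin` directory are constructed for illustration.

```python
import configparser
from pathlib import Path

SCRIPT_GROUPS = ("console_scripts", "gui_scripts")


def escapes_scripts_dir(scripts_dir, name):
    """True if a launcher called `name` would land outside scripts_dir."""
    base = Path(scripts_dir).resolve()
    # Joining with an absolute name discards base; resolve() collapses "..".
    target = (base / name).resolve()
    # A legitimate name is a bare file name whose parent is exactly base.
    return "/" in name or "\\" in name or target.parent != base


def audit_entry_points(text, scripts_dir):
    """Return (group, name, resolved_target) for every escaping script entry."""
    parser = configparser.ConfigParser(
        delimiters=("=",), interpolation=None, strict=False
    )
    parser.optionxform = str  # keep names exactly as written (no lowercasing)
    parser.read_string(text)
    findings = []
    for group in SCRIPT_GROUPS:
        if not parser.has_section(group):
            continue
        for name in parser[group]:
            if escapes_scripts_dir(scripts_dir, name):
                resolved = (Path(scripts_dir) / name).resolve()
                findings.append((group, name, str(resolved)))
    return findings


# Constructed sample metadata (not taken from any real package).
SAMPLE = """\
[console_scripts]
mytool = mypkg.cli:main
../outside-bin/tool = mypkg.cli:main
/tmp/absolute-name = mypkg.cli:main

[gui_scripts]
mygui = mypkg.gui:main
sub/dir/launcher = mypkg.gui:main
"""

if __name__ == "__main__":
    for group, name, resolved in audit_entry_points(SAMPLE, "/opt/venv/bin"):
        print(f"[{group}] {name!r} -> {resolved}")
```

Run against the `entry_points.txt` inside a wheel's `.dist-info` directory before installation, passing the scripts directory of the target environment.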

https://github.com/pypa/pip/pull/14000
https://mail.python.org/archives/list/[email protected]/thread/YV63U…