Vulnerability in Python Software Foundation Cpython
CVE-2026-3479
DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the functio…
EPSS: 0.000 (3.8th percentile) — read the EPSS interpretation.
Affected products
- Python Software Foundation Cpython — versions 0, 3.14.0, 3.15.0a1
References
- github.com/python/cpython/pull/146122 (patch)
- mail.python.org/archives/list/security-announce@python.org/thread/WYLLVQOOCKGK7… (vendor-advisory)
- github.com/python/cpython/issues/146121 (issue-tracking)
- github.com/python/cpython/commit/bcdf231946b1da8bdfbab4c05539bb0cc964a1c7 (patch)
- github.com/python/cpython/commit/5af6ce3e7b643a30a02d22245c1e3f4a8bc0a1fe (patch)
- github.com/python/cpython/commit/cf59bf76470f3d75ad47d80ffb8ce76b64b5e943 (patch)
- github.com/python/cpython/commit/d786d59a8f7196bb630100a869f28ad13436b59c (patch)