What is CVE-2026-42301?

CVE-2026-42301 is a high-severity vulnerability in Befeleme Pyp2spec, classified under Improper Input Validation. CVSS score: 7.8/10. Published 2026-05-09.

How severe is CVE-2026-42301?

High severity. CVSS v3 base score is 7.8 out of 10.

RCE in Befeleme Pyp2spec

CVE-2026-42301

pyp2spec generates working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata (e.g. the summary field) into the generated spec file without escaping RPM macro directives. When a pa…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.000 (1.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Befeleme Pyp2spec — versions < 0.14.1

Weakness classification (CWE)

References

security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-42301?: CVE-2026-42301 is a high-severity vulnerability in Befeleme Pyp2spec, classified under Improper Input Validation. CVSS score: 7.8/10. Published 2026-05-09.
How severe is CVE-2026-42301?: High severity. CVSS v3 base score is 7.8 out of 10.