Vulnerability in Python Software Foundation Pymanager
CVE-2026-5271
pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory. As a result, if a user executes a pymanager-generated command (e.g., pip, pytest) from an attacker…
EPSS: 0.000 (5.6th percentile) — read the EPSS interpretation.
Affected products
- Python Software Foundation Pymanager — versions 26.0
References
- github.com/python/pymanager/security/advisories/GHSA-jr5x-hgm4-rrm6 (vendor-advisory)