Vulnerability in Pypa Setuptools
CVE-2026-59890
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compi…
CVSS v3 metric
CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N.
Affected products
- Pypa Setuptools — versions < 83.0.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
Frequently asked questions
- What is CVE-2026-59890?
- CVE-2026-59890 is a medium-severity vulnerability in Pypa Setuptools, classified under CWE-176. CVSS score: 6.1/10. Published 2026-07-08.
- How severe is CVE-2026-59890?
- Medium severity. CVSS v3 base score is 6.1 out of 10.