5.7
CVE-2026-2297
- EPSS 0.02%
- Published 04.03.2026 22:10:43
- Last modified 01.05.2026 16:16:30
- Source cna@python.org
SourcelessFileLoader does not use io.open_code()
The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Python Software Foundation ≫ Product: CPython
Default status: unaffected

| Version | Version < | Status |
|---|---|---|
| 0 | 3.13.13 | affected |
| 3.14.0 | 3.14.4 | affected |
| 3.15.0a1 | 3.15.0a7 | affected |

VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.059 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@python.org | 5.7 | 0 | 0 | CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |

CWE-668 Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.