CVE-2026-2297
⚪ Do wiadomości
Błąd w obsłudze plików *.pyc w CPython uniemożliwia wywołanie handlerów sys.audit.
CVSS
0.0
EPSS
0.0%
Exploit
none
Vendor
Opis źródłowy (NVD)
The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.
brak
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 0.0 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.0% |
| Opublikowano (NVD) | 2026-03-04 23:16:10 UTC |
| Ostatnia modyfikacja (NVD) | 2026-05-01 16:16:30 UTC |
Referencje
- https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e (cna@python.org)
- https://github.com/python/cpython/commit/69ddd9bb2cc4bd69b1565647c18659c6a789ccd9 (cna@python.org)
- https://github.com/python/cpython/commit/876858c9f65d9ab656c7fa639f268ce7856d89dd (cna@python.org)
- https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e (cna@python.org)
- https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86 (cna@python.org)
- https://github.com/python/cpython/issues/145506 (cna@python.org)
- https://github.com/python/cpython/pull/145507 (cna@python.org)
- http://www.openwall.com/lists/oss-security/2026/03/05/6 (af854a3a-2127-422b-91ae-364da2661108)