CVE-2026-3479 β DISPUTED: The project has clarified that the documentation was incorrect, andβ¦
Image via opengraph.githubassets.com
π¨ CVE-2026-3479 DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.getdata() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. p
[3.13] gh-146121: Clarify security model of pkgutil.getdata; revert c⦠· python/cpython@5af6ce3
github.com
What This Means For You
- New vulnerability disclosed β verify if your stack is exposed.
Related ATT&CK Techniques
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-3479 | Path Traversal | Python pkgutil.get_data() function did not validate the resource argument as documented, allowing path traversals. Affected component: pkgutil.get_data(). |
π Recommended Tools
π€
SCW Elite Bot
Get IOC packs, detection rules & premium threat intel β pay with Telegram Stars β
Open Bot β
Source & Attribution
| Source Platform | Telegram |
| Channel | CVE Notify |
| Channel ID | 1129491012 |
| Message ID | 158325 |
| Published | April 07, 2026 at 21:26 UTC |
| Original Link | https://github.com/python/cpython/commit/5af6ce3e7b643a30... |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Found this interesting? Follow us to stay ahead.
Share