Skip to main content

CPython CVE-2026-12003

| EUVDEUVD-2026-37125 MEDIUM
Uncontrolled Search Path Element (CWE-427)
2026-06-16 PSF GHSA-2wqx-fp26-qh5v
5.3
CVSS 4.0 · Vendor: PSF
Share

Severity by source

Vendor (PSF) PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.2 HIGH

Requires legacy all-users install at OS-root-adjacent default path (AC:H), low-privileged local account (AV:L, PR:L), and a privileged user must actively run Python (UI:R), with scope change enabling code execution as that user (S:C).

3.1 AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
4.0 AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (PSF).

CVSS VectorVendor: PSF

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
A
Scope
X

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 16, 2026 - 17:16 vuln.today
Analysis Generated
Jun 16, 2026 - 17:16 vuln.today

DescriptionCVE.org

To allow builds of Python to be run from an in-tree layout (rather than an installed file layout), the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python assumes it is running in a source tree and generates a different default sys.path. This code remains in release builds, so that release-ready builds can be built in-tree.

On Windows, since builds are written to 'PCbuild/', the value of VPATH is set to '..\..', which results in a landmark of '..\..\Modules\setup.local'. This path is outside the install directory of Python, and may have different permissions, potentially allowing a low-privilege user to create the landmark and an alternative Lib folder that will be discovered by an otherwise restricted install.

Such a setup occurs with the legacy default install location for all users (in the now superseded EXE installer), due to how Windows allows all users to create folders in the root directory of their OS drive.

Our recommended mitigation on Windows is to migrate away from the legacy installer and use the new Python install manager to install for the current user. Installs where the directory two levels above the Python installation directory have equivalent permissions are unaffected (in general, a per-user install cannot be modified at all by other users, removing any escalation of privilege risk, and could be directly modified by a privileged user, making the potential tampering irrelevant). Alternative mitigations might include preemptively creating and restricting access to a Modules directory. Be aware that only 3.13 and 3.14 will receive updated legacy installers - earlier fixes are only provided as sources.

Platforms other than Windows allow VPATH to be overridden, but as they don't usually use a separated directory in the build for binaries, are unlikely to have a landmark reference outside of the install directory.

The landmark detection involving VPATH is a fallback for when a more specific landmark - .\pybuilddir.txt - is absent, and was included for compatibility. Future releases of Python will no longer include the fallback, and so builds will need to generate or preserve the pybuilddir.txt file in order to work in-tree. This landmark file has been generated on Windows since 3.11, and on other platforms for longer.

AnalysisAI

Privilege escalation in CPython on Windows enables a low-privileged local user to hijack the module search path of a more-privileged Python process running from a legacy all-users installation, enabling arbitrary code execution under an elevated context. The root cause is a VPATH-based fallback landmark mechanism compiled into release builds: on Windows, VPATH resolves two directory levels above PCbuild/, placing the Modules/Setup.local landmark outside the install directory in a location writable by unprivileged users under the legacy EXE installer's default all-users path. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify target with legacy all-users Python install at default path
Delivery
Create C:\Modules\Setup.local and trojanized C:\Lib\ as low-privileged user
Exploit
Wait for privileged user to invoke python.exe (UI:A)
Execution
VPATH landmark fallback triggers due to absent pybuilddir.txt
Persist
CPython loads attacker-controlled Lib as sys.path entry
Impact
Malicious modules execute under privileged context

Vulnerability AssessmentAI

Exploitation Exploitation requires all of the following specific, concurrent conditions: (1) CPython must be installed on Windows using the legacy EXE installer in all-users mode at the default path (e.g., C:\Python313\), placing the install such that the directory two levels above it is the OS drive root (C:\), which Windows grants all authenticated users CreateFolder permissions on by default; (2) pybuilddir.txt must be absent from the executable directory, activating the VPATH-based BUILD_LANDMARK fallback in Modules/getpath.py; (3) a low-privileged local account (PR:L per CVSS vector) must be able to create the directory C:\Modules\ and place Setup.local within it before a privileged user runs Python; (4) a user with higher privileges must actively invoke python.exe from the vulnerable install (UI:A per CVSS 4.0 vector). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 5.3 accurately reflects the layered constraints: local access is required (AV:L), specific attack preconditions must be present (AT:P - legacy all-users EXE installer at default OS-root-adjacent path), only a low-privileged account is needed (PR:L), and active interaction by a higher-privileged user is required to trigger loading (UI:A). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A low-privileged user on a Windows system where Python 3.13 is installed for all users via the legacy EXE installer at C:\Python313\ creates the directory C:\Modules\ and places a crafted Setup.local file there, then populates C:\Lib\ with trojanized Python standard library modules. When an administrator or privileged service account subsequently invokes python.exe from that installation - for example, running a scheduled maintenance script - CPython's VPATH-based fallback landmark detection triggers (because pybuilddir.txt is absent), causing the interpreter to discover and load from the attacker-controlled C:\Lib\ directory, executing arbitrary code under the victim's elevated privileges. …
Remediation The upstream fix is available as PR https://github.com/python/cpython/pull/151545, which removes the VPATH-based BUILD_LANDMARK fallback from Modules/getpath.py and ensures pybuilddir.txt is the sole source-tree indicator; updated legacy installers will be released for Python 3.13 and 3.14 only. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Python

View all
CVE-2025-24016 CRITICAL POC
9.9 Feb 10

Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t

CVE-2025-27520 CRITICAL POC
9.8 Apr 04

BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser

CVE-2025-2945 CRITICAL POC
9.9 Apr 03

pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi

CVE-2013-5093 MEDIUM POC
6.8 Sep 27

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python

CVE-2025-32375 CRITICAL POC
9.8 Apr 09

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2024-21644 HIGH POC
7.5 Jan 08

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.

CVE-2017-9462 HIGH POC
8.8 Jun 06

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2024-21645 MEDIUM POC
5.3 Jan 08

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne

CVE-2026-33017 CRITICAL POC
9.3 Mar 17

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301

CVE-2026-55255 HIGH POC
8.4 Jun 19

Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing

Share

CVE-2026-12003 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy