Severity by source
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Requires legacy all-users install at OS-root-adjacent default path (AC:H), low-privileged local account (AV:L, PR:L), and a privileged user must actively run Python (UI:R), with scope change enabling code execution as that user (S:C).
Primary rating from Vendor (PSF).
CVSS VectorVendor: PSF
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
To allow builds of Python to be run from an in-tree layout (rather than an installed file layout), the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python assumes it is running in a source tree and generates a different default sys.path. This code remains in release builds, so that release-ready builds can be built in-tree.
On Windows, since builds are written to 'PCbuild/', the value of VPATH is set to '..\..', which results in a landmark of '..\..\Modules\setup.local'. This path is outside the install directory of Python, and may have different permissions, potentially allowing a low-privilege user to create the landmark and an alternative Lib folder that will be discovered by an otherwise restricted install.
Such a setup occurs with the legacy default install location for all users (in the now superseded EXE installer), due to how Windows allows all users to create folders in the root directory of their OS drive.
Our recommended mitigation on Windows is to migrate away from the legacy installer and use the new Python install manager to install for the current user. Installs where the directory two levels above the Python installation directory have equivalent permissions are unaffected (in general, a per-user install cannot be modified at all by other users, removing any escalation of privilege risk, and could be directly modified by a privileged user, making the potential tampering irrelevant). Alternative mitigations might include preemptively creating and restricting access to a Modules directory. Be aware that only 3.13 and 3.14 will receive updated legacy installers - earlier fixes are only provided as sources.
Platforms other than Windows allow VPATH to be overridden, but as they don't usually use a separated directory in the build for binaries, are unlikely to have a landmark reference outside of the install directory.
The landmark detection involving VPATH is a fallback for when a more specific landmark - .\pybuilddir.txt - is absent, and was included for compatibility. Future releases of Python will no longer include the fallback, and so builds will need to generate or preserve the pybuilddir.txt file in order to work in-tree. This landmark file has been generated on Windows since 3.11, and on other platforms for longer.
AnalysisAI
Privilege escalation in CPython on Windows enables a low-privileged local user to hijack the module search path of a more-privileged Python process running from a legacy all-users installation, enabling arbitrary code execution under an elevated context. The root cause is a VPATH-based fallback landmark mechanism compiled into release builds: on Windows, VPATH resolves two directory levels above PCbuild/, placing the Modules/Setup.local landmark outside the install directory in a location writable by unprivileged users under the legacy EXE installer's default all-users path. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires all of the following specific, concurrent conditions: (1) CPython must be installed on Windows using the legacy EXE installer in all-users mode at the default path (e.g., C:\Python313\), placing the install such that the directory two levels above it is the OS drive root (C:\), which Windows grants all authenticated users CreateFolder permissions on by default; (2) pybuilddir.txt must be absent from the executable directory, activating the VPATH-based BUILD_LANDMARK fallback in Modules/getpath.py; (3) a low-privileged local account (PR:L per CVSS vector) must be able to create the directory C:\Modules\ and place Setup.local within it before a privileged user runs Python; (4) a user with higher privileges must actively invoke python.exe from the vulnerable install (UI:A per CVSS 4.0 vector). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base score of 5.3 accurately reflects the layered constraints: local access is required (AV:L), specific attack preconditions must be present (AT:P - legacy all-users EXE installer at default OS-root-adjacent path), only a low-privileged account is needed (PR:L), and active interaction by a higher-privileged user is required to trigger loading (UI:A). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A low-privileged user on a Windows system where Python 3.13 is installed for all users via the legacy EXE installer at C:\Python313\ creates the directory C:\Modules\ and places a crafted Setup.local file there, then populates C:\Lib\ with trojanized Python standard library modules. When an administrator or privileged service account subsequently invokes python.exe from that installation - for example, running a scheduled maintenance script - CPython's VPATH-based fallback landmark detection triggers (because pybuilddir.txt is absent), causing the interpreter to discover and load from the attacker-controlled C:\Lib\ directory, executing arbitrary code under the victim's elevated privileges. … |
| Remediation | The upstream fix is available as PR https://github.com/python/cpython/pull/151545, which removes the VPATH-based BUILD_LANDMARK fallback from Modules/getpath.py and ensures pybuilddir.txt is the sole source-tree indicator; updated legacy installers will be released for Python 3.13 and 3.14 only. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t
BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser
pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne
Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301
Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing
Same weakness CWE-427 – Uncontrolled Search Path Element
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37125
GHSA-2wqx-fp26-qh5v