Is there a patch available for CVE-2026-5271?

Yes, a patch is available for CVE-2026-5271. Update the affected software to the latest version immediately.

Pymanager CVE-2026-5271

Q: What is the CVSS score of CVE-2026-5271?

CVE-2026-5271 has a CVSS 4.0 base score of 5.6 (Medium). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-17911 MEDIUM

Uncontrolled Search Path Element (CWE-427)

2026-04-01 cna@python.org

Information Disclosure Pymanager

5.6

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

5.6 MEDIUM

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

26.1

EUVD ID Assigned

Apr 01, 2026 - 14:22 euvd

EUVD-2026-17911

Analysis Generated

Apr 01, 2026 - 14:22 vuln.today

CVE Published

Apr 01, 2026 - 14:16 nvd

MEDIUM 5.6

DescriptionCVE.org

pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory. This could lead to modules getting shadowed

Articles & Coverage 1

letchupkt.medium.com CVE-2026-5271: Python pymanager Module Hijacking via CWD Path Manipulation

AnalysisAI

pymanager allows local attackers to shadow legitimate Python modules by placing malicious modules in the current working directory, leading to arbitrary code execution when the application imports standard library or third-party modules. The vulnerability affects pymanager due to insecure sys.path manipulation that includes the current working directory with high priority, enabling privilege escalation or information disclosure depending on the affected module and execution context. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	This vulnerability presents moderate real-world risk despite the 5.6 CVSS score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker creates a malicious module file (e.g., shadow_module.py) in a directory where a developer or build process runs pymanager. When pymanager imports a legitimate module of the same name, the malicious version in the current directory is loaded and executed instead, allowing the attacker to steal credentials, modify build artifacts, or escalate privileges depending on the shadowed module's role. …
Remediation	Users must update pymanager to a patched version released by the Python project. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-5271 vulnerability details – vuln.today

Back