Skip to main content

pip CVE-2026-8643

| EUVDEUVD-2026-33682 MEDIUM
Path Traversal (CWE-22)
2026-06-01 PSF GHSA-wf93-45jw-7689
4.1
CVSS 4.0 · Vendor: PSF
Share

Severity by source

Vendor (PSF) PRIMARY
4.1 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
8.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Red Hat
8.0 HIGH
qualitative

Primary rating from Vendor (PSF).

CVSS VectorVendor: PSF

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
A
Scope
X

Lifecycle Timeline

3
Source Code Evidence Fetched
Jun 01, 2026 - 17:26 vuln.today
Analysis Generated
Jun 01, 2026 - 17:26 vuln.today
CVSS changed
Jun 01, 2026 - 17:22 NVD
4.1 (MEDIUM)

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 4,702 pypi packages depend on pip (1,625 direct, 3,121 indirect)

Ecosystem-wide dependent count for version 26.1.2.

DescriptionCVE.org

pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory.

AnalysisAI

Path traversal during wheel installation in pip allows a malicious package's console_scripts or gui_scripts entry point names to be written outside the intended scripts directory. All pip versions are listed as affected (CPE covers wildcard versions), and exploitation requires a victim to run pip install on a specially crafted package - making this a supply chain attack vector. No public exploit code is identified at time of analysis, no KEV listing exists, and a vendor fix is available upstream via PR #14000, though no specific patched release version is independently confirmed from available intelligence.

Technical ContextAI

pip uses distlib to process wheel entry points. When installing console_scripts or gui_scripts from a wheel, pip constructs the script file path by joining the entry point name directly onto the scripts directory using os.path.join(), without validating that the resolved path remains within that directory. Entry point names containing path traversal components (e.g., ../../etc/cron.d/name, absolute paths like /etc/cron.d/name, or Windows drive-letter paths like D:\outside) cause os.path.join() to resolve outside the intended scripts directory. The fix in PR #14000 introduces _script_within_dir(), which normalizes both the scripts root and candidate destination with os.path.normpath() and asserts the destination starts with the root plus os.sep - a standard path containment check. The affected CPE is cpe:2.3:a:python_packaging_authority:pip:*:*:*:*:*:*:*:*. No CWE is assigned in available data, but the root cause class is path traversal (analogous to CWE-22).

RemediationAI

Upgrade pip to the patched release once a tagged version incorporating PR #14000 (https://github.com/pypa/pip/pull/14000) is published - the exact fixed version is not independently confirmed from available data (upstream fix available as PR/commit; released patched version not independently confirmed). Consult the PSF advisory at https://mail.python.org/archives/list/security-announce@python.org/thread/YV63UET5D3OOJY7O4M5XCVYO2YM4NBYJ/ for the authoritative patched version. As compensating controls prior to patching: install packages only within virtual environments, which restricts the scripts directory and therefore limits traversal impact to paths within the venv tree rather than system directories; use pip install --require-hashes with an explicit requirements file to prevent installation of packages not pinned to verified hashes, reducing exposure to tampered or injected packages (note: this does not protect against a malicious but correctly hashed package); restrict pip access to trusted, audited package sources by configuring index-url and extra-index-url to internal mirrors only.

Vendor StatusVendor

SUSE

Severity: High
Product Status
openSUSE Tumbleweed Fixed
SLES15-SP5-CHOST-BYOS-SAP-CCloud Fixed
SLES15-SP5-CHOST-BYOS-SAP-CCloud Fixed
SLES15-SP6-CHOST-BYOS Fixed
SLES15-SP6-CHOST-BYOS-Aliyun Fixed

Share

CVE-2026-8643 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy