Skip to main content

Wheel

2 CVEs product

Monthly

CVE-2026-24049 PyPI MEDIUM POC PATCH This Month

Malicious wheel files can modify file permissions on critical system files during extraction in Python wheel versions 0.40.0-0.46.1, enabling attackers to alter SSH keys, configuration files, or executable scripts. This path traversal and permission manipulation flaw affects systems unpacking untrusted wheels and can lead to privilege escalation or arbitrary code execution. Public exploit code exists for this vulnerability, though a patch is available in version 0.46.2.

Python Privilege Escalation Wheel RCE Path Traversal
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-40898 PyPI HIGH POC PATCH This Week

An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Denial Of Service Wheel
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Malicious wheel files can modify file permissions on critical system files during extraction in Python wheel versions 0.40.0-0.46.1, enabling attackers to alter SSH keys, configuration files, or executable scripts. This path traversal and permission manipulation flaw affects systems unpacking untrusted wheels and can lead to privilege escalation or arbitrary code execution. Public exploit code exists for this vulnerability, though a patch is available in version 0.46.2.

Python Privilege Escalation Wheel +2
NVD GitHub VulDB
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Denial Of Service Wheel
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy