Python fixes code execution and package confusion flaws in install manager and pip
Python disclosed CVE-2026-5271, a medium-severity flaw in the Python install manager that affects script alias entrypoints generated by version 26.0. The bug could leave the search path empty, allowing a Python module in the current working directory to override the intended module and execute code as the user. Python said the issue is fixed in version 26.1, noted that versions prior to 26.0 are not affected, and advised users to update and regenerate vulnerable aliases with:
py install --refresh
A separate medium-severity issue, CVE-2026-3219, was disclosed in pip for its handling of concatenated TAR and ZIP archives. pip treated concatenated TAR/ZIP files as ZIP archives regardless of filename or whether the file could be interpreted as both formats, creating confusing installation results and potentially installing files that did not match the expected archive type. The fix changes pip so installation proceeds only when an archive is uniquely identified as either ZIP or TAR, reducing the risk of ambiguous package handling in Python software distribution workflows.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
pip changes install behavior to reject ambiguous concatenated archives
The announced fix for CVE-2026-3219 changes pip so installation proceeds only when a file is uniquely identified as either a ZIP archive or a tar archive, but not both. This addressed confusing installation outcomes caused by ambiguous archive parsing.
Python discloses pip archive parsing flaw as CVE-2026-3219
Python disclosed CVE-2026-3219, a medium-severity vulnerability in pip's handling of concatenated tar and ZIP archives. Pip could treat concatenated tar and ZIP files as ZIP files regardless of filename, potentially causing installation of files that did not match the expected archive type.
Python releases version 26.1 to fix CVE-2026-5271
Python stated that install manager version 26.1 fixes CVE-2026-5271, while versions prior to 26.0 are not affected. Users were advised to update and run "py install --refresh" to regenerate aliases created by the vulnerable release.
Python discloses CVE-2026-5271 in install manager script aliases
Python disclosed CVE-2026-5271, a medium-severity vulnerability in version 26.0 of the Python install manager. The flaw could leave the search path empty for generated script alias entrypoints, allowing a module in the current working directory to override the intended module and execute code as the user.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
oss-sec: Fwd: [CVE-2026-3219] pip doesn't reject concatenated ZIP and tar archives
seclists.org
Open sourceoss-sec: [oss-security][CVE-2026-5271] Python install manager script aliases search path hijack
seclists.org
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
CPython Flaws Expose Proxy Header Injection and Remote Debug Memory Corruption
CPython disclosed two medium-severity vulnerabilities affecting distinct parts of the runtime and tooling. **CVE-2026-1502** allows CR/LF bytes to pass through HTTP client proxy tunnel header or host handling, creating a header-injection risk in proxy tunnel scenarios. The issue was published through Python security channels and the `oss-sec` mailing list, with remediation details tracked in the CVE record and an associated CPython pull request. A second flaw, **CVE-2026-5713**, affects CPython remote debugging and introspection features and can trigger out-of-bounds read and write behavior when a privileged Python process connects to a malicious or compromised Python target. The bug impacts newer capabilities including `profiling.sampling` in Python 3.15+ and asyncio inspection commands such as ``` python -m asyncio ps python -m asyncio pstree ``` in Python 3.14+, and exploitation is expected to be unstable because the connecting process is likely to crash under ASLR.
Apr 15, 2026
Python Packaging and CPython Flaws Enable Privilege Escalation and Security Bypass
dCERT issued advisories for two Python-related vulnerabilities affecting **Red Hat Enterprise Linux** and **CPython**. One advisory warns that a flaw in `python-wheel` on Red Hat Enterprise Linux can allow **privilege escalation** and **arbitrary code execution**, creating a path for attackers to gain elevated access and run malicious code on affected systems. A second dCERT advisory reports a **CPython** vulnerability that can **bypass security measures**, indicating that protections relying on expected interpreter behavior may be undermined on vulnerable deployments. Together, the advisories highlight risk across both the Python runtime and packaging ecosystem, with potential impact ranging from weakened defensive controls to full code execution on enterprise Linux environments.
May 15, 2026
GitPython Flaws Let Attackers Bypass Option Checks and Execute Commands
Two high-severity vulnerabilities in **GitPython** allowed attackers to bypass built-in safety checks and reach arbitrary command execution through Git operations. **CVE-2026-42215** affects versions `3.1.30` through `3.1.46` and stems from GitPython validating blocked Git options before normalizing Python keyword arguments: values such as `upload_pack` could pass validation, then be converted into forbidden flags like `--upload-pack` when passed to `Repo.clone_from()`, `Remote.fetch()`, `Remote.pull()`, or `Remote.push()`. The flaw could let attacker-controlled input trigger command execution with the privileges of the Python process even when `allow_unsafe_options=False`. A second flaw, **CVE-2026-42284**, affects GitPython before version `3.1.47` and involves unsafe handling of the `multi_options` parameter in `_clone()`. The library checked `multi_options` before later reprocessing it with `shlex.split(" ".join(multi_options))`, enabling crafted input to smuggle additional Git command-line arguments past validation. A string that appeared to be a valid branch selection could be split into separate options, including malicious configuration such as `core.hooksPath`, causing Git to execute attacker-controlled hooks during clone. Both issues were fixed in **GitPython `3.1.47`**.
May 7, 2026