python.org API flaw exposed Python release metadata to admin-level forgery
The Python Software Foundation disclosed a critical authentication bypass in the python.org release management API that could have let attackers forge administrator-level requests and modify Python release metadata. The flaw, reported by Splitline Ng of DEVCORE and confirmed by the Python Security Response Team, could have enabled changes to download and verification URLs for official Python installers, creating a path to distribute tampered files through trusted python.org infrastructure. The vulnerable logic reportedly dated back to 2014, affecting the release pipeline for more than a decade, but maintainers said post-incident forensics found no evidence of exploitation.
The PSF patched the issue rapidly, with production fixes deployed within 24 hours and broader remediation completed within 48 hours, while also disabling risky API behavior and tightening release controls. Additional hardening included stricter URL validation, mandatory HTTPS enforcement, negative authentication test coverage, longer log retention, and stronger provenance measures around release artifacts, including emphasis on Sigstore alongside existing PGP signing. A subsequent Trail of Bits review funded by OpenAI reportedly found no additional authentication or authorization flaws, and the Foundation said the changes were designed to reduce the risk of unauthorized modification of Python downloads distributed via official channels.

How this story unfolded
9 events from the most recent confirmed update back to the earliest known activity.
Trail of Bits audit finds no further auth issues
A later Trail of Bits audit funded by OpenAI confirmed no additional authentication or authorization problems in the reviewed Python infrastructure.
Python maintainers add hardening controls after the fix
Additional safeguards were introduced after remediation, including stricter URL validation, HTTPS enforcement, negative authentication test coverage, and longer log retention.
Post-incident forensics find no evidence of exploitation
Following investigation of the python.org release infrastructure issue, maintainers reported no evidence that the flaw had been exploited in the wild.
Patch completed within 48 hours of disclosure
The vulnerability was patched within 48 hours of responsible disclosure, closing the authentication bypass that could have enabled malicious download URL changes.
Production fix deployed for python.org release infrastructure
Python maintainers deployed production fixes within 24 hours of the report to block abuse of the vulnerable API path.
Python Security Response Team confirms the vulnerability
After disclosure, the Python Security Response Team validated the issue affecting the python.org release management API and began remediation.
Authentication bypass flaw introduced in python.org release API
The vulnerable logic in the python.org release management API had existed since 2014, creating a path for forged administrator-level API requests that could alter Python release metadata.
DEVCORE researcher responsibly discloses python.org API flaw
Splitline Ng of DEVCORE responsibly disclosed the critical authentication bypass vulnerability to the Python Security Response Team on 2026-02-23.
PSF announces stronger release verification and provenance measures
The Python Software Foundation announced changes to its release and distribution infrastructure, including stronger verification and provenance controls such as Sigstore alongside existing PGP signing.
Sources
Critical python.org Vulnerability Allowed Attackers to Forge Admin-Level API Requests (cybersecuritynews.com)
opennet.ru (Russian-language report; title not legible in the source)
opennet.me (Russian-language report; title not legible in the source)
Python Product Advisories (raw.githubusercontent.com)