AZL-77910 CVE-2026-1703 affecting package python-virtualenv 20.36.1-1

🗓️ 02 Feb 2026 15:16:30Reported by GoogleType

osv🔗 osv.dev👁 3 Views

Path traversal in python virtualenv 20.36.1-1 may extract outside installation location during wheel install.

Reporter	Title	Published	Views	Family All 77
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates	7 May 202613:38	–	ibm
ATTACKERKB	CVE-2026-1703	2 Feb 202614:43	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : python3.13-pip, python3.13-pip-wheel (ALAS2023-2026-1490)	30 Mar 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2026-1530)	1 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2026-1531)	1 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2026-1589)	30 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : python-pip, --advisory ALAS2-2026-3256 (ALAS-2026-3256)	30 Apr 202600:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : python-pip (openSUSE-SU-2026:20202-1)	15 Feb 202600:00	–	nessus
Tenable Nessus	SUSE SLES12 Security Update : python-pip (SUSE-SU-2026:0420-1)	11 Feb 202600:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-pip (SUSE-SU-2026:0805-1)	6 Mar 202600:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-1703

21 Apr 2026 04:34Current

5.7Medium risk

Vulners AI Score5.7

CVSS 42

EPSS0.00026

SSVC