665 matches found
[SECURITY] Fedora 43 Update: mingw-python-wheel-0.46.3-1.fc43
MinGW Windows Python wheel library...
[SECURITY] Fedora 43 Update: python-wheel-0.45.1-20.fc43
This is a command line tool for manipulating Python wheel files, as defined in PEP 427. It contains the following functionality: - Convert .egg archives into .whl. - Unpack wheel archives. - Repack wheel archives. - Add or remove tags in existing wheel archives...
Fedora 43 : python-wheel (2026-ce64e86fd8)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ce64e86fd8 advisory. - Security fix for CVE-2026-24049 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora 43 : mingw-python-wheel (2026-3d31544140)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3d31544140 advisory. Update to 0.46.3, fixes CVE-2026-24049. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Fedora 42 : mingw-python-wheel (2026-78d626bfca)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-78d626bfca advisory. Update to 0.46.3, fixes CVE-2026-24049. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Fedora 42 : python-wheel (2026-28a177c207)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-28a177c207 advisory. - Security fix for CVE-2026-24049 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Path Traversal
wheel is vulnerable to Path Traversal. The vulnerability is due to unsafe handling of file permissions during wheel extraction, where the unpack function trusts archive header filenames when applying chmod, allowing a malicious wheel to modify permissions of arbitrary system files after path...
SUSE CVE-2026-24049
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
FreeBSD : wheel -- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (65439aa0-f77d-11f0-9821-b0416f0c4c67)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 65439aa0-f77d-11f0-9821-b0416f0c4c67 advisory. https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx reports: wheel is a command line...
a-mailx (=0.1.0), a2grunnerp (>=0.1.0 <=0.1.8) +878 more potentially affected by CVE-2026-24049 via wheel (>=0.40.0 <=0.46.1)
wheel PYPI version =0.40.0, =0.1.0, =0.4.24, =0.1.0, =0.1.3, =0.0.1, =0.1.5, =0.1.1, =1.0.0, =1.1.0, =1.1.0, =0.0.6, =0.1.0, =1.2.6, =1.2.7 and more Source cves: CVE-2026-24049 Source advisory: OSV:GHSA-8RRH-RW8J-W5FX...
GHSA-8RRH-RW8J-W5FX Wheel Affected by Arbitrary File Permission Modification via Path Traversal in wheel unpack
Summary - Vulnerability Type: Path Traversal CWE-22 leading to Arbitrary File Permission Modification. - Root Cause Component: wheel.cli.unpack.unpack function. - Affected Packages: 1. wheel Upstream source 2. setuptools Downstream, vendors wheel - Severity: High Allows modifying system file...
Wheel Affected by Arbitrary File Permission Modification via Path Traversal in wheel unpack
Summary - Vulnerability Type: Path Traversal CWE-22 leading to Arbitrary File Permission Modification. - Root Cause Component: wheel.cli.unpack.unpack function. - Affected Packages: 1. wheel Upstream source 2. setuptools Downstream, vendors wheel - Severity: High Allows modifying system file...
CVE-2026-24049
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
AZL-75192 CVE-2026-24049 affecting package python-virtualenv 20.26.6-2
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
AZL-77826 CVE-2026-24049 affecting package python-virtualenv 20.36.1-1
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
ALPINE-CVE-2026-24049
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
AZL-75195 CVE-2026-24049 affecting package python-wheel 0.43.0-1
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
CVE-2026-24049
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
UBUNTU-CVE-2026-24049
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
a-mailx (=0.1.0), a2grunnerp (>=0.1.0 <=0.1.8) +1589 more potentially affected by CVE-2026-24049 via wheel (>=0.24.0 <=0.46.1)
wheel PYPI version =0.24.0, =0.1.0, =0.1.0, =0.4.24, =0.1.0, =0.1.3, =0.0.1, =0.1.5, =0.1.1, =0.0.3, =1.0.0, =1.1.0, =1.1.0, =1.2.5 and more Source cves: CVE-2026-24049 Source advisory: SNYK:PYTHON-WHEEL-15053866...