CVE-2026-3479
CVE-2026-3479 concerns improper resource-argument validation in pkgutil.get_data(), which can enable path traversal. The DISPUTED description notes the function’s security model is the same as open(), and updated docs clarify there is no vulnerability when following the intended model. Connected ...