coopihc-modelchecks (=0.1.0), iperturb (=0.2.0) potentially affected by CVE-2026-31048 via pyro (=3.16.0)

pyro PYPI version =3.16.0 is affected by a known vulnerability. The following packages have a transitive dependency on pyro and may be impacted: - coopihc-modelchecks =0.1.0 - iperturb =0.2.0 Source cves: CVE-2026-31048 Source advisory: SNYK:PYTHON-PYRO-16428622...

PYSEC-2018-99

pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks...