
5 matches found

OSV
added 2026/05/14 4:17 p.m., 3 views

GHSA-CRQM-M339-7M2P pyzipper has an encryption bypass for small files encrypted using it

Impact: A Python operator precedence bug in pyzipper/zipfileaes.py caused the AE-2 format to never be automatically selected during encryption, regardless of file size or compression type. As a result, all encrypted entries are written in AE-1 format unless AE-2 is explicitly forced by the caller...

6.2 CVSS, 5.8 AI score
Exploits: 0, References: 3
Github Security Blog
added 2026/05/14 4:17 p.m., 4 views

pyzipper has an encryption bypass for small files encrypted using it

Impact: A Python operator precedence bug in pyzipper/zipfileaes.py caused the AE-2 format to never be automatically selected during encryption, regardless of file size or compression type. As a result, all encrypted entries are written in AE-1 format unless AE-2 is explicitly forced by the caller...

5.8 AI score
Exploits: 0, References: 3, Affected Software: 1
vulnersOsv
added 2026/05/14 4:17 p.m., 2 views

aiq-platform-api (>=1.0.17 <=1.0.50), ajpack (>=1.0.13 <=1.29.0) +80 more potentially affected by CVE-2026-44722 via pyzipper (>=0.3.5 <=0.3.6)

pyzipper PYPI version =0.3.5, =1.0.17, =1.0.13, =0.2.0, =0.2.6, =1.0.2, =0.1.5, =0.7.0, =0.2.5, =2.3.1, =2.83.0, =1.0.0, =1.0.0, =2.2.0 and more Source cves: CVE-2026-44722 Source advisory: OSV:GHSA-CRQM-M339-7M2P...

5.8 AI score
Exploits: 0
Positive Technologies
added 2026/05/14 12:0 a.m., 3 views

PT-2026-41139

Impact: A Python operator precedence bug in pyzipper/zipfile aes.py caused the AE-2 format to never be automatically selected during encryption, regardless of file size or compression type. As a result, all encrypted entries are written in AE-1 format unless AE-2 is explicitly forced by the caller...

6.2 CVSS, 5.8 AI score
Exploits: 0, References: 4
GithubExploit
added 2018/11/05 9:54 a.m., 1 views

pyzipper

No d...

5.8 AI score
Exploits: 0