Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2026-1530)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1530 advisory. When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation...

Limited path traversal when installing wheel archives

...

SUSE: Security Advisory (SUSE-SU-2026:20423-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

BIT-PIP-2026-1703 Limited path traversal when installing wheel archives

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...

openSUSE 16 Security Update : python-pip (openSUSE-SU-2026:20202-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20202-1 advisory. - CVE-2026-1703: files may be extracted outside the installation directory when installing and extracting maliciously crafted wheel archives bsc1257599...

SUSE-SU-2026:20423-1 Security update for python-pip

This update for python-pip fixes the following issues: - CVE-2026-1703: files may be extracted outside the installation directory when installing and extracting maliciously crafted wheel archives bsc1257599...

OPENSUSE-SU-2026:20202-1 Security update for python-pip

This update for python-pip fixes the following issues: - CVE-2026-1703: files may be extracted outside the installation directory when installing and extracting maliciously crafted wheel archives bsc1257599...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the iswithindirectory function, during the extraction process of maliciously crafted wheel archives. An attacker can write files outside the intended installation directory by including specially crafted file pat...

CVE-2026-1703 Limited path traversal when installing wheel archives

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...

EUVD-2026-5106

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...

CVE-2026-1703

CVE-2026-1703 describes a path traversal in wheel extraction during pip install. When parsing a malicious wheel, files may be extracted outside the installation directory, but the traversal is limited to prefixes of the installation directory and is not able to inject/overwrite executable files i...

pip 安全漏洞

pip is a Python package installer developed by the Python Packaging Authority. There is a security vulnerability in pip, which stems from potential path traversal when installing maliciously crafted wheel archives, potentially leading to files being extracted outside of the installation directory...