3 matches found
CVE-2026-41206
Summary: CVE-2026-41206 affects PySpector, a Python SAST framework. The vulnerability lies in the plugin security validator’s static analysis in the function/class handling plugin loading via PluginSecurity.validate_plugin_code. Before version 0.1.8, the blocklist is incomplete and can be bypasse...
CVE-2026-33139
PySpector ≤ 0.1.6 is affected by a plugin sandbox bypass in plugin_system.py. The validate_plugin_code() static analysis only handles ast.Name and ast.Attribute; calls built via indirect function calls (e.g., getattr(os, 'system')) yield an ast.Call, causing resolve_name() to return None and bypa...
CVE-2026-33140
CVE-2026-33140 affects PySpector prior to 0.1.7. A stored XSS exists in the HTML report generator: when scanning a Python file containing JavaScript payloads (e.g., inside eval()), the vulnerable snippet is interpolated into the HTML report without sanitization, causing embedded JavaScript to run...