CVE-2026-32274
CVE-2026-32274 affects the Black Python formatter prior to 26.3.1. The cache filename is derived from various formatting options, and the value of the --python-cell-magics option was included without sanitization, allowing an attacker who controls that value to write cache files to arbitrary file...