Pypi · Pip · CVE-2026-8643
**Name of the Vulnerable Software and Affected Versions**
pip (affected versions not specified)
**Description**
pip fails to sanitize the resolved absolute path to the installation directory when treating `console scripts` and `gui scripts` as paths rather than file names. This allows entry points to be installed outside the intended installation directory.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.