PT-2026-26196 · Pyspector · Pyspector

Shinigami81 · Published 2026-03-18 · Updated 2026-04-28 · CVE-2026-33139

CVSS v4.0: 8.3 (High)

Vector: AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: PySpector versions 0.1.6 and prior

Description: PySpector, a static analysis security testing framework for Python development, is affected by a security validation bypass in its plugin system. The validate_plugin_code() function in plugin_system.py is designed to block dangerous API calls before a plugin is executed. However, the resolve_name() helper function only handles ast.Name and ast.Attribute node types and fails to recognize other node types such as ast.Call. This allows a plugin to bypass the security check by using indirect function calls via getattr() (for example, getattr(os, 'system')). Consequently, a malicious plugin can execute arbitrary system commands on the user's machine when loaded. An attacker who can deliver a malicious plugin file to a PySpector user and convince them to install it can achieve arbitrary code execution on the user's local machine. Exploitation requires the victim to explicitly run pyspector plugin install --trust on the malicious file. Once the plugin is trusted and executed, an attacker can gain full read/write access to the local filesystem, exfiltrate sensitive data, establish persistence mechanisms, and potentially move laterally in CI/CD environments.
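To illustrate the weakness class described above, the following added example (not PySpector's own code; names such as resolve_name, validate_plugin and the BLOCKED set are hypothetical re-creations) contrasts a resolver that understands only ast.Name and ast.Attribute with a hardened one that also folds getattr(<base>, '<literal>') into a dotted name and rejects getattr calls whose attribute cannot be determined statically:

```python
import ast

# Constructed sample plugin sources used as test input (not from the advisory).
DIRECT_CALL = "import os\nos.system('id')\n"
INDIRECT_CALL = "import os\ngetattr(os, 'system')('id')\n"
DYNAMIC_CALL = "import os\nname = 'sys' + 'tem'\ngetattr(os, name)('id')\n"

# Hypothetical denylist of dotted call names the validator refuses.
BLOCKED = {"os.system", "os.popen", "subprocess.Popen", "eval", "exec"}


def resolve_name(node):
    """Lenient resolver: only ast.Name and ast.Attribute are understood."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = resolve_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None  # ast.Call (e.g. getattr(...)) falls through unrecognised


def resolve_name_hardened(node):
    """Also folds getattr(<base>, '<literal>') into a dotted name and
    reports any getattr whose attribute is not a string literal."""
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Name) \
            and node.func.id == "getattr":
        if len(node.args) < 2 or not isinstance(node.args[1], ast.Constant) \
                or not isinstance(node.args[1].value, str):
            return "<dynamic-getattr>"  # attribute name not knowable statically
        base = resolve_name_hardened(node.args[0])
        return f"{base}.{node.args[1].value}" if base else None
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = resolve_name_hardened(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def validate_plugin(source, resolver=resolve_name_hardened):
    """Return the sorted list of findings; an empty list means the plugin passes."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = resolver(node.func)
            if name == "<dynamic-getattr>" or name in BLOCKED:
                findings.add(name)
    return sorted(findings)


if __name__ == "__main__":
    for label, src in [("direct", DIRECT_CALL), ("indirect", INDIRECT_CALL), ("dynamic", DYNAMIC_CALL)]:
        print(label, "lenient:", validate_plugin(src, resolve_name), "hardened:", validate_plugin(src))
```

The lenient resolver flags only the direct os.system call and lets both getattr forms through; the hardened one resolves the literal form to os.system and refuses the dynamic form outright, which is the conservative choice for a denylist that cannot enumerate every alias.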
Recommendations: Versions prior to 0.1.7 are affected. Update PySpector to version 0.1.7 or later.

Fix

Weakness Enumeration: Incomplete List of Disallowed Inputs

Related Identifiers

CVE-2026-33139
GHSA-V3XV-8VC3-H2M6

Affected Products

Pyspector