PT-2026-35435 · Pypi · Pip

Damian Shaw +2 · Published 2026-04-27 · Updated 2026-05-18 · CVE-2026-6357

CVSS v3.1: 5.8 Medium

Vector: AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

pip versions prior to 26.1

Description

The self-update check functionality runs after installing wheel files, which requires importing well-known Python module names. These imports were deferred to improve the startup time of the pip CLI. This behavior allows newly installed modules to be imported shortly after the installation of a wheel package.

Recommendations

Update to version 26.1 or later. Review package contents prior to installation.

Fix

Weakness Enumeration

Related Identifiers

CLEANSTART-2026-HZ86045
CLEANSTART-2026-QK55639
CLEANSTART-2026-SY44974
CVE-2026-6357
ECHO-0A2A-4462-0B2A
GHSA-JP4C-XJXW-MGF9

Affected Products

Pip