PT-2026-5679 · Pypi+1 · Pip+1

Notatallshaw · Published 2026-01-01 · Updated 2026-04-17 · CVE-2026-1703

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: pip (affected versions not specified)

Description: When pip installs and extracts a crafted wheel archive, files may be extracted outside the intended installation directory. This path traversal is limited to prefixes of the installation directory, which restricts the ability to overwrite executable files in common scenarios.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Weakness Enumeration

Related Identifiers

AZL-76496
AZL-76499
AZL-76593
AZL-76599
AZL-77910
BDU:2026-01708
BIT-PIP-2026-1703
CVE-2026-1703
ECHO-7DB2-03AA-5591
GHSA-6VGW-5PG2-W6JP
OESA-2026-1443
OESA-2026-1444
OESA-2026-1446
OESA-2026-1447
OESA-2026-1448
OPENSUSE-SU-2026:10210-1
OPENSUSE-SU-2026:20202-1
RHSA-2026:7610
SUSE-SU-2026:0420-1
SUSE-SU-2026:0805-1
SUSE-SU-2026:20423-1

Affected Products

Red Os
Pip