CVE-2026-8643
EUVD-2026-3368201.06.2026, 17:17
pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| pypa | pip | 𝑥 < 26.1.2 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | 0:25.2-3.el10_2.5 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 9 | 0:25.2-3.el9_8.5 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Ansible Automation Platform 2.6 | 1782711769 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Ansible Automation Platform 2.6 | 1782713671 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Ansible Automation Platform 2.6 | 1782761510 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Discovery 2 | 1782763840 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Hardened Images | 26.1.1-3.1.hum1 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Hardened Images | 26.1.2-1.hum1 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.0 | 1782929133 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.0 | 1782928984 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.0 | 1782968171 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.0 | 1782929069 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.0 | 1782928977 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.2 | 1782915416 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.2 | 1782915184 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.2 | 1782914833 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.2 | 1782914721 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.2 | 1782914751 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.2 | 1782914629 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.3 | 1782915056 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.3 | 1782916020 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.3 | 1782914960 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.3 | 1782914644 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.3 | 1782914706 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.3 | 1782915015 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.3 | 1782914779 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.3 | 1782914653 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.3 | 1783010225 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.3 | 1782887848 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.3 | 1782471555 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.3 | 1782471579 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.3 | 1783073038 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.3 | 1782991170 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.3 | 1782471656 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.3 | 1782471663 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.3 | 1783069204 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.3 | 1782991170 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.4 | 1782133213 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.4 | 1782726504 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.4 | 1782135464 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.4 | 1782136276 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.4 | 1782135346 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.4 | 1782132167 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.4 | 1782132207 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.4 | 1782132237 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.4 | 1782132240 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.4 | 1782132286 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.4 | 1782132236 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.4 | 1782132163 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat OpenShift AI 3.4 | 1782132297 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Trusted Artifact Signer 1.4 | 1782485441 ≤ 𝑥 < * | ADP |
Debian Releases
Red Hat Enterprise Linux Releases
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| python-pip-wheel |
| ||||
| python2-pip |
| ||||
| python3-pip |
| ||||
| python3-pip-wheel |
| ||||
| python3.11-pip |
| ||||
| python3.11-pip-wheel |
| ||||
| python3.12-pip |
| ||||
| python3.12-pip-wheel |
| ||||
| python3.13-pip |
| ||||
| python3.13-pip-wheel |
| ||||
| python3.14-pip |
| ||||
| python3.14-pip-wheel |
|
Azure Linux Releases
References