CVE-2026-8643

ADVISORY - nist

Summary

pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory.

EPSS Score⁠: 0.00013 (0.022)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-22⁠

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADVISORY - redhat

CWE-22⁠

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Impacted images

Advisories

NIST

CREATED

4 days ago

UPDATED

1 day ago

ADVISORY IDCVE-2026-8643⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-22⁠

CVSS SCORE

4.1medium

Debian

CREATED

8 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2026-8643⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

7 days ago

UPDATED

1 day ago

ADVISORY IDCVE-2026-8643⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

PypA

CREATED

4 days ago

UPDATED

7 hours ago

ADVISORY ID

PYSEC-2026-196

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.5medium

Red Hat

CREATED

9 days ago

UPDATED

8 days ago

ADVISORY IDCVE-2026-8643⁠

EXPLOITABILITY SCORE

2.1

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-22⁠

CVSS SCORE

8high