AZL-76499

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-76499.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-76499

Upstream

CVE-2026-1703

Published

2026-02-02T15:16:30Z

Modified

2026-04-01T05:22:57.948392Z

Summary

CVE-2026-1703 affecting package python3 3.9.19-19

Details

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-1703

Affected packages

Azure Linux:2 / python3

Package

Name: python3
Purl: pkg:rpm/azure-linux/python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

3.9.19-19

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-76499.json"