The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.
{
"cna_assigner": "PSF",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/2xxx/CVE-2026-2297.json"
}{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "3.13.13"
},
{
"introduced": "3.14.0"
},
{
"fixed": "3.14.4"
},
{
"introduced": "3.15.0a1"
},
{
"fixed": "3.15.0a7"
}
]
}