UBUNTU-CVE-2026-8643
- Source
- https://ubuntu.com/security/CVE-2026-8643
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8643.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2026-8643
- Upstream
- Published
- 2026-06-01T17:17:00Z
- Modified
- 2026-06-08T09:45:23.480274092Z
- Severity
-
- 4.1 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory.
- References
Affected packages
Ubuntu:25.10
python-pip
Package
- Name
- python-pip
- Purl
- pkg:deb/ubuntu/python-pip?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:14.04:LTS
python-pip
Package
- Name
- python-pip
- Purl
- pkg:deb/ubuntu/python-pip?arch=source&distro=esm-infra-legacy%2Ftrusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.4.1-2
1.5.4-1
1.5.4-1ubuntu1
1.5.4-1ubuntu3
1.5.4-1ubuntu4
1.5.4-1ubuntu4+esm1
1.5.4-1ubuntu4+esm2
1.5.4-1ubuntu4+esm3
1.5.4-1ubuntu4+esm4
1.5.4-1ubuntu4+esm5
Ubuntu:Pro:16.04:LTS
python-pip
Package
- Name
- python-pip
- Purl
- pkg:deb/ubuntu/python-pip?arch=source&distro=esm-apps%2Fxenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.5.6-7ubuntu1
1.5.6-7ubuntu2
8.*
8.0.2-7
8.0.3-1
8.0.3-2
8.1.0-1
8.1.0-2
8.1.1-1
8.1.1-2
8.1.1-2ubuntu0.1
8.1.1-2ubuntu0.2
8.1.1-2ubuntu0.4
8.1.1-2ubuntu0.6
8.1.1-2ubuntu0.6+esm2
8.1.1-2ubuntu0.6+esm3
8.1.1-2ubuntu0.6+esm4
8.1.1-2ubuntu0.6+esm5
8.1.1-2ubuntu0.6+esm6
8.1.1-2ubuntu0.6+esm8
8.1.1-2ubuntu0.6+esm10
8.1.1-2ubuntu0.6+esm11
8.1.1-2ubuntu0.6+esm12
Ubuntu:Pro:18.04:LTS
python-pip
Package
- Name
- python-pip
- Purl
- pkg:deb/ubuntu/python-pip?arch=source&distro=esm-apps%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
9.*
9.0.1-2
9.0.1-2.3~ubuntu1
9.0.1-2.3~ubuntu1.18.04.1
9.0.1-2.3~ubuntu1.18.04.2
9.0.1-2.3~ubuntu1.18.04.3
9.0.1-2.3~ubuntu1.18.04.4
9.0.1-2.3~ubuntu1.18.04.5
9.0.1-2.3~ubuntu1.18.04.5+esm2
9.0.1-2.3~ubuntu1.18.04.5+esm3
9.0.1-2.3~ubuntu1.18.04.6
9.0.1-2.3~ubuntu1.18.04.6+esm1
9.0.1-2.3~ubuntu1.18.04.7
9.0.1-2.3~ubuntu1.18.04.7+esm1
9.0.1-2.3~ubuntu1.18.04.8
9.0.1-2.3~ubuntu1.18.04.8+esm1
9.0.1-2.3~ubuntu1.18.04.8+esm2
9.0.1-2.3~ubuntu1.18.04.8+esm4
9.0.1-2.3~ubuntu1.18.04.8+esm6
9.0.1-2.3~ubuntu1.18.04.8+esm7
9.0.1-2.3~ubuntu1.18.04.8+esm8
Ubuntu:Pro:20.04:LTS
python-pip
Package
- Name
- python-pip
- Purl
- pkg:deb/ubuntu/python-pip?arch=source&distro=esm-apps%2Ffocal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
18.*
18.1-5
18.1-5build1
18.1-5ubuntu1
20.*
20.0.2-2
20.0.2-4
20.0.2-5
20.0.2-5ubuntu1
20.0.2-5ubuntu1.1
20.0.2-5ubuntu1.3
20.0.2-5ubuntu1.4
20.0.2-5ubuntu1.5
20.0.2-5ubuntu1.6
20.0.2-5ubuntu1.7
20.0.2-5ubuntu1.8
20.0.2-5ubuntu1.9
20.0.2-5ubuntu1.10
20.0.2-5ubuntu1.10+esm2
20.0.2-5ubuntu1.11
20.0.2-5ubuntu1.11+esm2
20.0.2-5ubuntu1.11+esm3
20.0.2-5ubuntu1.11+esm4
Ubuntu:Pro:22.04:LTS
python-pip
Package
- Name
- python-pip
- Purl
- pkg:deb/ubuntu/python-pip?arch=source&distro=esm-apps%2Fjammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
20.*
20.3.4-4
21.*
21.3.1+dfsg-3
22.*
22.0.2+dfsg-1
22.0.2+dfsg-1ubuntu0.1
22.0.2+dfsg-1ubuntu0.2
22.0.2+dfsg-1ubuntu0.3
22.0.2+dfsg-1ubuntu0.4
22.0.2+dfsg-1ubuntu0.5
22.0.2+dfsg-1ubuntu0.6
22.0.2+dfsg-1ubuntu0.7
22.0.2+dfsg-1ubuntu0.7+esm1
22.0.2+dfsg-1ubuntu0.7+esm2
22.0.2+dfsg-1ubuntu0.7+esm3
Ubuntu:Pro:24.04:LTS
python-pip
Package
- Name
- python-pip
- Purl
- pkg:deb/ubuntu/python-pip?arch=source&distro=esm-apps%2Fnoble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
23.*
23.2+dfsg-1
23.3+dfsg-1
24.*
24.0+dfsg-1
24.0+dfsg-1ubuntu1
24.0+dfsg-1ubuntu1.1
24.0+dfsg-1ubuntu1.2
24.0+dfsg-1ubuntu1.3
24.0+dfsg-1ubuntu1.3+esm1
24.0+dfsg-1ubuntu1.3+esm2
24.0+dfsg-1ubuntu1.3+esm3
Ubuntu:Pro:26.04:LTS
python-pip
Package
- Name
- python-pip
- Purl
- pkg:deb/ubuntu/python-pip?arch=source&distro=esm-apps%2Fresolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
25.*
25.1.1+dfsg-1ubuntu2
25.1.1+dfsg-1ubuntu2+esm1
25.1.1+dfsg-1ubuntu2+esm2
25.1.1+dfsg-1ubuntu2+esm3