All vulnerabilities

CVE-2026-1703

pip Path Traversal vulnerability

Description

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Score
2
Severity
Low
Ecosystem
Python
Publish Date
February 2, 2026
Modified Date
March 23, 2026
Score Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Affected Versions