Python Path Traversal Vulnerability Disclosed

Source: CERT-Bund Security Advisories (wid.cert-bund.de)
Published March 18th, 2026
Detected March 19th, 2026

Summary

CERT-Bund has disclosed a path traversal vulnerability in Python versions prior to 3.15.0. The vulnerability has a CVSS base score of 4.0 and can be exploited by a local attacker to carry out a path traversal attack. Mitigation is available.

What changed

CERT-Bund has issued a security advisory (WID-SEC-2026-0791) detailing a path traversal vulnerability affecting Open Source Python CPython versions prior to 3.15.0. The vulnerability, rated with a CVSS base score of 4.0 (medium), can be exploited by a local attacker. The advisory indicates that mitigation measures are available.

Organizations utilizing Python versions prior to 3.15.0, particularly those running on Linux, MacOS X, UNIX, or Windows, should review the advisory and implement available mitigations to address the path traversal risk. While the vulnerability requires local access, it could be a component of a larger attack chain. Further information and specific CVE details are referenced in the advisory.

What to do next

  1. Review CERT-Bund advisory WID-SEC-2026-0791 for affected Python versions.
  2. Implement available mitigation measures for path traversal vulnerabilities.
  3. Assess potential impact on systems running vulnerable Python versions.

Source document (simplified)

[WID-SEC-2026-0791] Python: Vulnerability allows path traversal

  • CVSS Base Score: 4.0 (medium)
  • CVSS Temporal Score: 3.5 (low)
  • Remote attack: no
  • Date: 18.03.2026
  • Last updated: 19.03.2026
  • Mitigation: yes

Affected systems

Operating system

  • Linux
  • MacOS X
  • Other
  • UNIX
  • Windows

Product description

Python is a general-purpose, usually interpreted, high-level programming language.

Products

18.03.2026
- Open Source Python CPython <3.15.0

Attack

A local attacker can exploit a vulnerability in Python to carry out a path traversal attack.

Named provisions

Affected systems, Attack

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency: CERT-Bund
Published: March 18th, 2026
Instrument: Notice
Legal weight: Non-binding
Stage: Final
Change scope: Substantive
Document ID: WID-SEC-2026-0791

Who this affects

Applies to: Technology companies
Industry sector: 5112 Software & Technology
Activity scope: Software Development, System Administration
Geographic scope: Germany (DE)

Taxonomy

Primary area: Cybersecurity
Operational domain: IT Security
Topics: Software Vulnerabilities, Information Security
