CVE-2026-2297: Vulnerability in Python Software Foundation CPython
CVE-2026-2297 is a medium severity vulnerability in the Python Software Foundation's CPython implementation. It involves the import hook handling of legacy .pyc files by the SourcelessFileLoader, which inherits from FileLoader. The issue is that FileLoader does not use io.open_code() to read .pyc files, causing sys.audit handlers for this event not to trigger. This could impact auditing and monitoring of code loading activities in affected versions. The vulnerability affects CPython versions 0 through 3.15.
AI Analysis
Technical Summary
The vulnerability in CPython relates to the import hook mechanism for legacy .pyc files. Specifically, the FileLoader base class does not utilize io.open_code() when reading .pyc files, resulting in sys.audit events not firing as expected. This breaks the auditing chain for these file loads. Affected versions include CPython 0, 3.14.0, and 3.15.0a1. The CVSS 4.0 score is 5.7 (medium severity), with local attack vector, low complexity, partial privileges required, no user interaction, and high impact on integrity. No patch or vendor advisory is currently available, and no exploits are known.
Potential Impact
The primary impact is that sys.audit handlers do not trigger when legacy .pyc files are loaded via the affected import hook. This reduces visibility into code loading events, potentially hindering detection of malicious or unauthorized code execution. There is no direct indication of code execution or privilege escalation from this vulnerability alone. The medium CVSS score reflects the limited but meaningful impact on auditing and integrity.
Mitigation Recommendations
Patch status is not yet confirmed — check the Python Software Foundation advisory for current remediation guidance. Until an official fix is released, users should be aware that auditing of legacy .pyc file imports may be incomplete. No specific workaround or temporary fix is documented at this time.
CVSS v4.0 score: 5.7 (medium)
Technical Details
- Data Version: 5.2
- Assigner Short Name: PSF
- Date Reserved: 2026-02-10T16:26:08.298Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69a8afacd1a09e29cb7ac729
Added to database: 3/4/2026, 10:18:20 PM
Last enriched: 5/28/2026, 9:23:36 PM
Last updated: 6/2/2026, 3:45:57 AM