CNNVD-202601-3698 Information
CNNVD ID
CNNVD-202601-3698
Related CVE
- CNNVD Published: 2026-01-22
Description (Chinese)
wheel是Python Packaging Authority开源的一个命令行工具。 wheel 0.46.1及之前版本存在安全漏洞,该漏洞源于解包函数在提取后错误处理文件权限,可能导致权限提升或任意代码执行。
Description (English)
Wheel is a command line tool for Python Packaging Society. There is a security loophole in the sheel 0.46.1 and previous versions, which stems from the error in the processing of file privileges after extraction of the unpacking function, which may lead to an increase in privileges or to any code execution.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Python Packaging Authority
Published
2026-01-22
Last Modified
2026-02-24
References
https://github.com/pypa/wheel/releases/tag/0.46.2 https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef https://access.redhat.com/security/cve/cve-2026-24049
Patch
https://github.com/pypa/wheel/releases
Share on: