Security Advisory

CVE-2026-3479

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-18 18:13:42

Last updated 2026-04-07 22:01:35

Assigner PSF

State PUBLISHED

Description

DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.

← Browse all CVEs View on cve.org ↗