Directory Shadowing Vulnerability in pymanager by Python
CVE-2026-5271

5.6MEDIUM

Key Information:

Vendor: Python Software Foundation
Status: Pymanager
Vendor: CVE Published:; 1 April 2026

🔔 Create Python Software Foundation Vulnerability Alert

What is CVE-2026-5271?

The pymanager application by Python introduces a vulnerability due to the inclusion of the current working directory in sys.path. This design flaw allows for the potential shadowing of Python modules, where malicious or unintended modules in the current working directory can override legitimate ones. Consequently, this could lead to unforeseen behavior and potential exploitation of the application, emphasizing the need for careful management of module paths in Python applications.

Affected Version(s)

pymanager 26.0 < 26.1

References

https://github.com/python/pymanager/security/advisories/G...

vendor-advisory

CVSS V4

Score:

5.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2026
Vulnerability Reserved
Mar 31, 2026

Credit

Steve Dower

LAKSHMIKANTHAN K

CVE-2026-5271 Data

JSON