None severityNVD Advisory· Published Mar 18, 2026· Updated Apr 7, 2026
CVE-2026-3479
CVE-2026-3479
Description
DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model.
pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
102(expand)+ 1 more
- (no CPE)
- (no CPE)
- osv-coords100 versionspkg:apk/chainguard/python-3.13pkg:apk/chainguard/python-3.14pkg:apk/wolfi/python-3.13pkg:apk/wolfi/python-3.14pkg:bitnami/pythonpkg:bitnami/python-minpkg:rpm/opensuse/python310-core&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python310&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python310&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python310-documentation&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python311-core&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python311&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python311&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python311-documentation&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python312-core&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python312&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python312&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python312-documentation&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python313-core&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/python313&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/python313&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python313-documentation&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/python313-nogil&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/python313-nogil-nogil-core&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/python314&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python315&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-moto&distro=openSUSE%20Tumbleweedpkg:rpm/suse/python310-core&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/python310-core&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/python310-core&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/python310-core&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/python310&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/python310&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/python310&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/python310&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/python311-core&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/python311-core&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/python311-core&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/python311-core&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/python311-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/python311-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4pkg:rpm/suse/python311-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7pkg:rpm/suse/python311-core&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/python311-core&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/python311-core&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/python311-core&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/python311-core&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/python311-core&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/python311-core&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/python311&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/python311&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/python311&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/python311&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/python311&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4pkg:rpm/suse/python311&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7pkg:rpm/suse/python311&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/python311&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/python311&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/python311&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/python311&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/python311&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/python311&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/python311-documentation&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/python311-documentation&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/python311-documentation&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/python311-documentation&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/python311-documentation&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/python311-documentation&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/python311-documentation&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/python311-documentation&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/python312-core&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/python312-core&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/python312&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/python312&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/python313-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7pkg:rpm/suse/python313-core&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/python313-core&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/python313-core&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/python313&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7pkg:rpm/suse/python313&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/python313&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/python313&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/python313-documentation&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/python313-documentation&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/python36-core&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/python36-core&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/python36&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/python36&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
< 3.13.13-r0+ 99 more
- (no CPE)range: < 3.13.13-r0
- (no CPE)range: < 3.14.4-r0
- (no CPE)range: < 3.13.13-r0
- (no CPE)range: < 3.14.4-r0
- (no CPE)range: < 3.15.0
- (no CPE)range: < 3.15.0
- (no CPE)range: < 3.10.20-150400.4.107.1
- (no CPE)range: < 3.10.20-150400.4.107.1
- (no CPE)range: < 3.10.20-4.1
- (no CPE)range: < 3.10.20-150400.4.107.1
- (no CPE)range: < 3.11.15-150600.3.53.1
- (no CPE)range: < 3.11.15-150600.3.53.1
- (no CPE)range: < 3.11.15-5.1
- (no CPE)range: < 3.11.15-150600.3.53.1
- (no CPE)range: < 3.12.13-150600.3.53.1
- (no CPE)range: < 3.12.13-150600.3.53.1
- (no CPE)range: < 3.12.13-5.1
- (no CPE)range: < 3.12.13-150600.3.53.1
- (no CPE)range: < 3.13.13-160000.1.1
- (no CPE)range: < 3.13.13-160000.1.1
- (no CPE)range: < 3.13.13-1.1
- (no CPE)range: < 3.13.13-160000.1.1
- (no CPE)range: < 3.13.13-160000.1.1
- (no CPE)range: < 3.13.13-160000.1.1
- (no CPE)range: < 3.14.4-1.1
- (no CPE)range: < 3.15.0~a8-1.1
- (no CPE)range: < 5.2.1-1.1
- (no CPE)range: < 3.10.20-150400.4.107.1
- (no CPE)range: < 3.10.20-150400.4.107.1
- (no CPE)range: < 3.10.20-150400.4.107.1
- (no CPE)range: < 3.10.20-150400.4.107.1
- (no CPE)range: < 3.10.20-150400.4.107.1
- (no CPE)range: < 3.10.20-150400.4.107.1
- (no CPE)range: < 3.10.20-150400.4.107.1
- (no CPE)range: < 3.10.20-150400.4.107.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.11.15-150600.3.53.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.11.15-150600.3.53.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.11.15-150600.3.53.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.11.15-150600.3.53.1
- (no CPE)range: < 3.11.15-slfo.1.1_3.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.11.15-150600.3.53.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.11.15-150600.3.53.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.11.15-150600.3.53.1
- (no CPE)range: < 3.11.15-slfo.1.1_3.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.11.15-150400.9.85.1
- (no CPE)range: < 3.12.13-150600.3.53.1
- (no CPE)range: < 3.12.13-150600.3.53.1
- (no CPE)range: < 3.12.13-150600.3.53.1
- (no CPE)range: < 3.12.13-150600.3.53.1
- (no CPE)range: < 3.13.13-150700.4.45.1
- (no CPE)range: < 3.13.13-160000.1.1
- (no CPE)range: < 3.13.13-160000.1.1
- (no CPE)range: < 3.13.13-160000.1.1
- (no CPE)range: < 3.13.13-150700.4.45.1
- (no CPE)range: < 3.13.13-160000.1.1
- (no CPE)range: < 3.13.13-160000.1.1
- (no CPE)range: < 3.13.13-160000.1.1
- (no CPE)range: < 3.13.13-160000.1.1
- (no CPE)range: < 3.13.13-160000.1.1
- (no CPE)range: < 3.6.15-108.1
- (no CPE)range: < 3.6.15-108.1
- (no CPE)range: < 3.6.15-108.1
- (no CPE)range: < 3.6.15-108.1
- (no CPE)range: < 3.4.10-25.180.1
- (no CPE)range: < 3.4.10-25.180.1
- (no CPE)range: < 3.4.10-25.180.1
- (no CPE)range: < 3.4.10-25.180.1
- (no CPE)range: < 2.7.18-150000.114.1
- (no CPE)range: < 2.7.18-33.74.1
- (no CPE)range: < 2.7.18-33.74.1
- (no CPE)range: < 2.7.18-150000.114.1
- (no CPE)range: < 2.7.18-33.74.1
- (no CPE)range: < 2.7.18-33.74.1
- (no CPE)range: < 2.7.18-33.74.1
- (no CPE)range: < 2.7.18-33.74.1
Patches
Vulnerability mechanics
References
7- github.com/python/cpython/commit/5af6ce3e7b643a30a02d22245c1e3f4a8bc0a1fenvd
- github.com/python/cpython/commit/bcdf231946b1da8bdfbab4c05539bb0cc964a1c7nvd
- github.com/python/cpython/commit/cf59bf76470f3d75ad47d80ffb8ce76b64b5e943nvd
- github.com/python/cpython/commit/d786d59a8f7196bb630100a869f28ad13436b59cnvd
- github.com/python/cpython/issues/146121nvd
- github.com/python/cpython/pull/146122nvd
- mail.python.org/archives/list/security-announce@python.org/thread/WYLLVQOOCKGK73JM7Z7ZSNOJC4N7BAWY/nvd
News mentions
0No linked articles in our index yet.