VYPR
None severityNVD Advisory· Published Mar 18, 2026· Updated Apr 7, 2026

CVE-2026-3479

CVE-2026-3479

Description

DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model.

pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

102

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.