PyPI package
wheel
pkg:pypi/wheel
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-24049 | — | >= 0.40.0, < 0.46.2 | 0.46.2 | Jan 22, 2026 | wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the fil | ||
| CVE-2022-40898 | — | < 0.38.1 | 0.38.1 | Dec 22, 2022 | An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. |
- CVE-2026-24049Jan 22, 2026affected >= 0.40.0, < 0.46.2fixed 0.46.2
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the fil
- CVE-2022-40898Dec 22, 2022affected < 0.38.1fixed 0.38.1
An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.