CVE-2026-41206

216.73.217.22

· Published 23/04/2026 02:16 · Modified 24/04/2026 14:50

Labels: CVE-2026-41206 2026-04-23 CVE-2026-41206 CWE-184 [email protected]

Essential information

Published: 23/04/2026 02:16
Modified: 24/04/2026 14:50
Author: —
Creator: —
CVSS: 6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

PySpector is a static analysis security testing (SAST) Framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. Prior to version 0.1.8, the blocklist implemented in `PluginSecurity.validate_plugin_code` is incomplete and can be bypassed using several Python constructs that are not checked. An attacker who can supply a plugin file can achieve arbitrary code execution within the PySpector process when that plugin is installed and executed. Version 0.1.8 fixes the issue.

NVD status

Status: Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
pyspector / pyspector	`cpe:2.3:a:pyspector:pyspector::::::::`