CVE-2026-28684
mediumCVSS v3 Base Score
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS Score
0.0%
Exploitation probability in 30 days
Top 100% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Confidentiality
None
Integrity
High
Availability
High
Published: April 20, 2026 (80 days ago)
Last Modified: April 20, 2026
Vendor: Red Hat
Fix Available: ✓ Yes
Source: REDHAT
Vulnerability Report
Generated by CyberWatcher
Description
A flaw was found in python-dotenv. A local attacker can exploit this by crafting a symbolic link, which the `set_key()` and `unset_key()` functions in python-dotenv follow when rewriting `.env` files. This can lead to the overwriting of arbitrary files on the system.
CWE
CWE-59Affected Products
Lightspeed CoreMigration Toolkit for Applications 8OpenShift LightspeedRed Hat AI Inference ServerRed Hat Ansible Automation Platform 2Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat OpenShift AI (RHOAI)Red Hat Satellite 6Red Hat OpenShift AI 3.3