CVE-2026-3219
mediumCVSS v3 Base Score
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 95% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Confidentiality
None
Integrity
High
Availability
None
Published: April 20, 2026 (81 days ago)
Last Modified: April 20, 2026
Vendor: Red Hat
Fix Available: ✓ Yes
Source: REDHAT
Vulnerability Report
Generated by CyberWatcher
Description
A flaw was found in pip. This vulnerability occurs because pip incorrectly processes concatenated tar and ZIP files as ZIP files, regardless of their true format. This improper handling can lead to confusing installation behavior, potentially causing the installation of unintended or 'incorrect' files. This could allow an attacker to influence the installation process by providing a specially crafted archive.
CWE
CWE-1287Affected Products
Lightspeed CoreMigration Toolkit for Applications 8Migration Toolkit for VirtualizationOpenShift LightspeedOpenShift Service Mesh 3Pen Drive Powered by Red Hat LightspeedRed Hat AI Inference ServerRed Hat Ansible Automation Platform 2Red Hat Developer HubRed Hat Discovery 2