CVE-2026-6357

medium Red Hat
CVSS v3 Base Score
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 96% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Confidentiality
High
Integrity
High
Availability
None
Published: April 27, 2026 (73 days ago)
Last Modified: April 27, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in pip. Prior to version 26.1, pip's self-update check functionality would execute after installing wheel packages. This process involved importing newly installed Python modules. A malicious actor could craft a specially designed wheel package that, when installed, could lead to the execution of arbitrary code or information disclosure due to the premature import of its modules during the self-update check.

CWE

CWE-94

Affected Products

Exploit IntelligenceMigration Toolkit for Applications 8Migration Toolkit for VirtualizationOpenShift LightspeedOpenShift Service Mesh 3Pen Drive Powered by Red Hat LightspeedRed Hat AI Inference ServerRed Hat Ansible Automation Platform 2Red Hat Developer HubRed Hat Discovery 2

References