CVE-2026-2297

UNKNOWN 0.0

SourcelessFileLoader does not use io.open_code()

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

4th

The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.

Vendor	python software foundation
Product	cpython
Published	Mar 4, 2026
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for python software foundation cpython

Be the first to know when new unknown vulnerabilities affecting python software foundation cpython are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Python Software Foundation / CPython

0 < 3.13.13 3.14.0 < 3.14.4 3.15.0a1 < 3.15.0a7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/python/cpython/issues/145506 github.com: https://github.com/python/cpython/pull/145507 github.com: https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e github.com: https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e github.com: https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86 openwall.com: http://www.openwall.com/lists/oss-security/2026/03/05/6