CVE-2026-32274
HIGH 7.5
Description
Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the value of this argument to write cache files to arbitrary file system locations. Fixed in Black 26.3.1.
CVE details
CVSS v3.1 score: 7.5
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 3/12/2026
Last modified: 3/18/2026
Source: nvd
Honeypot sightings: 0
Affected products
python:black
Weaknesses (CWE)
CWE-22
References
https://github.com/psf/black/commit/4937fe6cf241139ddbfc16b0bdbb5b422798909d (security-advisories@github.com)
https://github.com/psf/black/pull/5038 (security-advisories@github.com)
https://github.com/psf/black/releases/tag/26.3.1 (security-advisories@github.com)
https://github.com/psf/black/security/advisories/GHSA-3936-cmfr-pm3m (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.