CVE-2026-2297
Received Received - Intake
Improper Audit Handling in CPython SourcelessFileLoader Module

Publication date: 2026-03-04

Last updated on: 2026-05-01

Assigner: Python Software Foundation

Description
The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-04
Last Modified
2026-05-01
Generated
2026-06-16
AI Q&A
2026-03-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-2297
EUVD
EUVD-2026-9498
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
python python *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-668 The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

I don't know

Mitigation Strategies

I don't know

Executive Summary

This vulnerability involves the import hook in CPython that handles legacy .pyc files, specifically the SourcelessFileLoader. The issue is that the FileLoader base class does not use io.open_code() to read .pyc files as it should. Because of this, sys.audit handlers for the related audit event do not get triggered.

Impact Analysis

The impact of this vulnerability is that audit events related to loading legacy .pyc files are not fired. This means that security monitoring or auditing tools relying on sys.audit handlers may not detect or log the loading of these files, potentially allowing malicious or unauthorized code execution to go unnoticed.

Compliance Impact

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2297. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart