CVE-2026-32274
Path Traversal in Black Formatter via Unsanitized Cache Filename
Publication date: 2026-03-12
Last updated on: 2026-03-18
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| python | black | up to 26.3.1 (exclusive; 26.3.1 itself is fixed) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32274 is a security vulnerability in the Python code formatter Black, affecting versions prior to 26.3.1. The issue arises because Black writes a cache file whose filename is computed from various formatting options, including the value of the --python-cell-magics option. This value was included in the cache filename without any sanitization, allowing an attacker who controls this argument to influence the cache file path.
Because the --python-cell-magics value was not sanitized, an attacker could craft this input to cause Black to write cache files to arbitrary locations on the file system, potentially leading to arbitrary file write vulnerabilities.
The vulnerability was fixed in Black version 26.3.1 by hashing the components of the cache filename derived from the --python-cell-magics option using SHA-256, preventing unsafe or malicious cache file paths.
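The following is an added illustration of the fix pattern described above; it is not Black's own code. It models a cache file name built from formatting options, shows the pre-fix pattern (the option value pasted into the file name verbatim) beside the post-fix pattern (the user-influenced component replaced by its SHA-256 digest), and adds a containment check that a defender can use to confirm a candidate path resolves inside the cache directory. The cache directory, option names and sample values are constructed assumptions.

```python
import hashlib
from pathlib import Path
from typing import List, Optional

# Assumed cache location for the example; Black's real cache directory differs.
CACHE_DIR = Path("/tmp/black-cache-example")


def unsanitized_cache_name(line_length: int, cell_magics: List[str]) -> str:
    """Pre-fix pattern (constructed): option values are joined into the file
    name as-is, so path separators or '..' in an option value reach the path."""
    return f"cache.{line_length}.{'-'.join(sorted(cell_magics))}.pickle"


def hashed_cache_name(line_length: int, cell_magics: List[str]) -> str:
    """Post-fix pattern: the user-influenced component is replaced by a hex
    SHA-256 digest, which can only contain [0-9a-f] and therefore cannot
    carry separators or traversal sequences into the file name."""
    joined = ",".join(sorted(cell_magics)).encode("utf-8")
    digest = hashlib.sha256(joined).hexdigest()
    return f"cache.{line_length}.{digest}.pickle"


def resolve_inside(cache_dir: Path, name: str) -> Optional[Path]:
    """Defensive containment check: return the resolved path only if it stays
    under cache_dir after '..' and symlinks are collapsed, otherwise None."""
    base = cache_dir.resolve()
    candidate = (base / name).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed value containing traversal components, used only to show
    # that the containment check rejects the unsanitized name.
    magics = ["time", "x/../../outside"]
    print("unsanitized ->", resolve_inside(CACHE_DIR, unsanitized_cache_name(88, magics)))
    print("hashed      ->", resolve_inside(CACHE_DIR, hashed_cache_name(88, magics)))
```

The hashed name is also order-independent (the magics are sorted before hashing), so equivalent option sets share one cache entry, which is the property a cache key needs anyway.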
How can this vulnerability impact me?
This vulnerability can allow an attacker who can control the --python-cell-magics input to cause Black to write cache files to arbitrary locations on the file system.
Such arbitrary file writes can lead to overwriting or creating files outside the intended cache directory, which poses significant security risks including potential code execution, data corruption, or system compromise.
If exploited, it could allow an attacker to manipulate files on your system without proper authorization, undermining system integrity and security.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves Black writing cache files with filenames derived from the --python-cell-magics option without sanitization, allowing arbitrary file writes. Detection involves checking for unexpected or suspicious cache files created by Black in unusual filesystem locations.
Since the vulnerability is related to the cache filename generation in Black prior to version 26.3.1, you can detect it by verifying the Black version installed on your system.
Suggested commands to detect the vulnerability include:
- Check Black version: `black --version` (versions prior to 26.3.1 are vulnerable).
- Search for suspicious cache files in your filesystem, especially files created by Black with unusual names or outside expected cache directories, for example: `find /path/to/project -name '*black*cache*'` or `find / -type f -name '*black*' 2>/dev/null`.
- Audit usage of the `--python-cell-magics` option in your Black commands or scripts to ensure it is not set with untrusted or malicious values.
No specific detection commands or network signatures are provided in the available resources. [1, 2, 3]
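As an added example (not from the advisory or the Black project), the version check above can be scripted so it can run across many hosts or CI images. The parser assumes `black --version` prints a line of the form `black, 26.1.0 (compiled: yes)`; the sample output strings below are constructed, and the fixed-version threshold is the 26.3.1 stated on this page.

```python
import re
import subprocess
from typing import Optional, Tuple

# First fixed release according to the advisory on this page.
FIXED_VERSION = (26, 3, 1)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)(?:\.(\d+))?\b")


def parse_black_version(output: str) -> Optional[Tuple[int, ...]]:
    """Extract the first dotted version number from `black --version` output.
    Assumed (constructed) shape: 'black, 26.1.0 (compiled: yes)'."""
    match = _VERSION_RE.search(output)
    if not match:
        return None
    return tuple(int(g) for g in match.groups() if g is not None)


def is_vulnerable(version: Tuple[int, ...]) -> bool:
    """True when the version precedes the first fixed release. Short versions
    such as (26, 3) are padded with zeros so (26, 3) < (26, 3, 1)."""
    padded = tuple(version) + (0,) * (len(FIXED_VERSION) - len(version))
    return padded < FIXED_VERSION


def check_installed_black() -> Optional[bool]:
    """Run `black --version` on this host. Returns True if the installed Black
    is in the affected range, False if fixed, None if Black is absent or the
    output could not be parsed."""
    try:
        proc = subprocess.run(
            ["black", "--version"], capture_output=True, text=True, check=False
        )
    except FileNotFoundError:
        return None
    version = parse_black_version(proc.stdout)
    return None if version is None else is_vulnerable(version)


if __name__ == "__main__":
    result = check_installed_black()
    if result is None:
        print("black not found or version not parseable")
    else:
        print("VULNERABLE (upgrade to >= 26.3.1)" if result else "fixed version installed")
```

Run it where Black is on PATH; in a fleet, the same functions can be fed the captured `black --version` output instead of shelling out.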
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, the primary step is to upgrade Black to version 26.3.1 or later, where the issue is fixed by hashing the cache filename components derived from the --python-cell-magics option to prevent arbitrary file writes.
Additional immediate mitigation steps include:
- Avoid using untrusted input for the --python-cell-magics option to prevent attackers from controlling cache file paths.
- Review and restrict permissions on directories where Black cache files are stored to limit potential damage from arbitrary file writes.
- If upgrading immediately is not possible, consider disabling or limiting the use of the --python-cell-magics option in your workflows.