CVE-2026-59890 - Medium Severity Vulnerability
Vulnerable Library - setuptools-82.0.1-py3-none-any.whl
Most extensible Python build backend with support for C/C++ extension modules
Library home page: https://files.pythonhosted.org/packages/9d/76/f789f7a86709c6b087c5a2f52f911838cad707cc613162401badc665acfe/setuptools-82.0.1-py3-none-any.whl
Path to dependency file: /tmp/ws-scm/spotfire-python
Path to vulnerable library: /tmp/ws-ua_20260506063530_RVRPSW/python_WSYGMI/202605060635311/env/lib/python3.10/site-packages/setuptools-82.0.1.dist-info
Dependency Hierarchy:
- ❌ setuptools-82.0.1-py3-none-any.whl (Vulnerable Library)
Found in base branch: main
Vulnerability Details
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unicode normalization, so on macOS APFS or HFS+ an NFD file name could bypass an NFC exclusion rule and be packed into a source distribution. This issue is fixed in version 83.0.0.
Publish Date: 2026-07-08
URL: CVE-2026-59890
CVSS 4 Score Details (6.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: N/A
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-h35f-9h28-mq5c
Release Date: 2026-07-08
Fix Resolution: 83.0.0
CVE-2026-59890 - Medium Severity Vulnerability
Most extensible Python build backend with support for C/C++ extension modules
Library home page: https://files.pythonhosted.org/packages/9d/76/f789f7a86709c6b087c5a2f52f911838cad707cc613162401badc665acfe/setuptools-82.0.1-py3-none-any.whl
Path to dependency file: /tmp/ws-scm/spotfire-python
Path to vulnerable library: /tmp/ws-ua_20260506063530_RVRPSW/python_WSYGMI/202605060635311/env/lib/python3.10/site-packages/setuptools-82.0.1.dist-info
Dependency Hierarchy:
Found in base branch: main
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unicode normalization, so on macOS APFS or HFS+ an NFD file name could bypass an NFC exclusion rule and be packed into a source distribution. This issue is fixed in version 83.0.0.
Publish Date: 2026-07-08
URL: CVE-2026-59890
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: N/A
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.Type: Upgrade version
Origin: GHSA-h35f-9h28-mq5c
Release Date: 2026-07-08
Fix Resolution: 83.0.0