{"uuid": "b7059742-7089-4f6e-83c4-b62d250d2a3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12003", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3moisqvs4mz2g", "content": "CVE-2026-12003, from Jake Yamaki of Bishop Fox: CPython uses VPATH and a Modules/setup.local landmark to find in-tree builds, so a low-privilege Windows user can create that path outside the install dir and inject libraries. CVSSv4 5.3. Should release builds ever look for landmarks? #Python", "creation_timestamp": "2026-06-17T17:13:31.307084Z"}