Theskumar Python-Dotenv vulnerabilities

1 known vulnerability affecting theskumar/python-dotenv.

Total CVEs
1
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2026-28684MEDIUMCVSS 6.6fixed in 1.2.22026-04-20
CVE-2026-28684 [MEDIUM] CWE-59 CVE-2026-28684: python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prio python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, `set_key()` and `unset_key()` in python-dotenv follow symbolic links when rewriting `.env` files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a cross-device rename fallback is triggered. Users s
ghsanvdredhat
Theskumar Python-Dotenv vulnerabilities | cvebase