Wheel Project Wheel vulnerabilities

CVE-2026-24049 [MEDIUM] CWE-22 CVE-2026-24049: wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the e

CVE-2022-40898 [HIGH] CWE-20 CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote atta An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.