Vulnerable Library - setuptools-82.0.1-py3-none-any.whl
Most extensible Python build backend with support for C/C++ extension modules
Library home page: https://files.pythonhosted.org/packages/9d/76/f789f7a86709c6b087c5a2f52f911838cad707cc613162401badc665acfe/setuptools-82.0.1-py3-none-any.whl
Path to dependency file: /ai/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260331025725_MIUFBE/python_UVEQHS/20260331025831/11/setuptools-82.0.1-py3-none-any.whl,/tmp/ws-ua_20260331025725_MIUFBE/python_UVEQHS/20260331025831/13/setuptools-82.0.1-py3-none-any.whl,/tmp/ws-ua_20260331025725_MIUFBE/python_UVEQHS/20260331025831/16/setuptools-82.0.1-py3-none-any.whl
Vulnerabilities
| Vulnerability |
Severity |
CVSS |
Dependency |
Type |
Fixed in (setuptools version) |
Remediation Possible** |
| CVE-2026-59890 |
Medium |
6.1 |
setuptools-82.0.1-py3-none-any.whl |
Direct |
83.0.0 |
❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2026-59890
Vulnerable Library - setuptools-82.0.1-py3-none-any.whl
Most extensible Python build backend with support for C/C++ extension modules
Library home page: https://files.pythonhosted.org/packages/9d/76/f789f7a86709c6b087c5a2f52f911838cad707cc613162401badc665acfe/setuptools-82.0.1-py3-none-any.whl
Path to dependency file: /ai/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260331025725_MIUFBE/python_UVEQHS/20260331025831/11/setuptools-82.0.1-py3-none-any.whl,/tmp/ws-ua_20260331025725_MIUFBE/python_UVEQHS/20260331025831/13/setuptools-82.0.1-py3-none-any.whl,/tmp/ws-ua_20260331025725_MIUFBE/python_UVEQHS/20260331025831/16/setuptools-82.0.1-py3-none-any.whl
Dependency Hierarchy:
- ❌ setuptools-82.0.1-py3-none-any.whl (Vulnerable Library)
Found in base branch: main
Vulnerability Details
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unicode normalization, so on macOS APFS or HFS+ an NFD file name could bypass an NFC exclusion rule and be packed into a source distribution. This issue is fixed in version 83.0.0.
Publish Date: 2026-07-08
URL: CVE-2026-59890
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-h35f-9h28-mq5c
Release Date: 2026-07-08
Fix Resolution: 83.0.0
Step up your Open Source Security Game with Mend here
Most extensible Python build backend with support for C/C++ extension modules
Library home page: https://files.pythonhosted.org/packages/9d/76/f789f7a86709c6b087c5a2f52f911838cad707cc613162401badc665acfe/setuptools-82.0.1-py3-none-any.whl
Path to dependency file: /ai/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260331025725_MIUFBE/python_UVEQHS/20260331025831/11/setuptools-82.0.1-py3-none-any.whl,/tmp/ws-ua_20260331025725_MIUFBE/python_UVEQHS/20260331025831/13/setuptools-82.0.1-py3-none-any.whl,/tmp/ws-ua_20260331025725_MIUFBE/python_UVEQHS/20260331025831/16/setuptools-82.0.1-py3-none-any.whl
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - setuptools-82.0.1-py3-none-any.whl
Most extensible Python build backend with support for C/C++ extension modules
Library home page: https://files.pythonhosted.org/packages/9d/76/f789f7a86709c6b087c5a2f52f911838cad707cc613162401badc665acfe/setuptools-82.0.1-py3-none-any.whl
Path to dependency file: /ai/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260331025725_MIUFBE/python_UVEQHS/20260331025831/11/setuptools-82.0.1-py3-none-any.whl,/tmp/ws-ua_20260331025725_MIUFBE/python_UVEQHS/20260331025831/13/setuptools-82.0.1-py3-none-any.whl,/tmp/ws-ua_20260331025725_MIUFBE/python_UVEQHS/20260331025831/16/setuptools-82.0.1-py3-none-any.whl
Dependency Hierarchy:
Found in base branch: main
Vulnerability Details
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unicode normalization, so on macOS APFS or HFS+ an NFD file name could bypass an NFC exclusion rule and be packed into a source distribution. This issue is fixed in version 83.0.0.
Publish Date: 2026-07-08
URL: CVE-2026-59890
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: GHSA-h35f-9h28-mq5c
Release Date: 2026-07-08
Fix Resolution: 83.0.0
Step up your Open Source Security Game with Mend here