QwikSec

Security Database

CVE

CWE

Training

CVE-2026-2297

Published: Mar 4, 2026

Modified: May 1, 2026

PUBLISHED

Description

The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.

Vendor	Product	Versions
Python Software Foundation	CPython	affected `0 - < 3.13.13` affected `3.14.0 - < 3.14.4` affected `3.15.0a1 - < 3.15.0a7`

References

https://github.com/python/cpython/issues/145506

issue-tracking

https://github.com/python/cpython/pull/145507

patch

https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e

patch

https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e

patch

https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86

patch

https://github.com/python/cpython/commit/69ddd9bb2cc4bd69b1565647c18659c6a789ccd9

patch

https://github.com/python/cpython/commit/876858c9f65d9ab656c7fa639f268ce7856d89dd

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.