Bug 2444691 (CVE-2026-2297)

Summary: CVE-2026-2297 cpython: CPython: Logging Bypass in Legacy .pyc File Handling
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: bbrownin, dfreiber, drow, jburrell, ljawale, luizcosta, nweather, rbobbitt, teagle, vkumar
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files (.pyc), does not properly trigger system audit events. This oversight could enable malicious activities to go undetected, compromising the integrity of the system.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2444699, 2444701, 2444703, 2444709, 2444710, 2444700, 2444702, 2444704, 2444705, 2444706, 2444707, 2444708    
Bug Blocks:    

Description OSIDB Bzimport 2026-03-04 23:01:32 UTC 
The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.
Comment 6 errata-xmlrpc 2026-04-27 14:54:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:10950 https://access.redhat.com/errata/RHSA-2026:10950
Comment 7 errata-xmlrpc 2026-05-19 13:02:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19019 https://access.redhat.com/errata/RHSA-2026:19019
Comment 8 errata-xmlrpc 2026-05-19 13:07:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19064 https://access.redhat.com/errata/RHSA-2026:19064
Comment 9 errata-xmlrpc 2026-05-19 17:59:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:19176 https://access.redhat.com/errata/RHSA-2026:19176
Comment 10 errata-xmlrpc 2026-05-19 17:59:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:19177 https://access.redhat.com/errata/RHSA-2026:19177