vulnerability
FreeBSD: VID-fd3855b8-efbc-11f0-9e3f-b0416f0c4c67 (CVE-2026-22702): virtualenv -- CWE-59: Improper Link Resolution Before File Access ('Link Following')
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:M/Au:S/C:P/I:P/A:P) | Jan 12, 2026 | Jan 27, 2026 | Jan 27, 2026 |
Severity
4
CVSS
(AV:L/AC:M/Au:S/C:P/I:P/A:P)
Published
Jan 12, 2026
Added
Jan 27, 2026
Modified
Jan 27, 2026
Description
https://github.com/pypa/virtualenv/security/advisories/GHSA-597g-3phw-6986 reports: virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and creation to redirect virtualenv's app_data and lock file operations to attacker-controlled locations. This issue has been patched in version 20.36.1.
Solutions
freebsd-upgrade-package-py310-virtualenvfreebsd-upgrade-package-py311-virtualenvfreebsd-upgrade-package-py312-virtualenvfreebsd-upgrade-package-py313-virtualenvfreebsd-upgrade-package-py313t-virtualenvfreebsd-upgrade-package-py314-virtualenv
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.