CVE-2022-26488

HIGH

Python <3.10.3 (Windows) - Privilege Escalation

Title source: llm

Description

In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2.

Exploits (1)

nomisec WORKING POC

by techspence · poc

https://github.com/techspence/PyPATHPwner

View Code ZIP pw:eip

References (2)

[Various Sources] https://mail.python.org/archives/list/security-announce%40python.org/thread/657Z4XULWZNIY5FRP3OWXHYKUSIH6DMN/

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20220419-0005/

Scores

CVSS v3 7.0

EPSS 0.0167

EPSS Percentile 81.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-426

Status published

Affected Products (9)

python/python < 3.7.12

python/python

netapp/active_iq_unified_manager

netapp/ontap_select_deploy_administration_utility

Timeline

Published Mar 10, 2022

Tracked Since Feb 18, 2026