cvedb.io
CVE-2026-41206
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2026-04-23T02:16:18.533 · Last modified 2026-06-17T10:46:19.433

Summary

PySpector is a static analysis security testing (SAST) Framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. Prior to version 0.1.8, the blocklist implemented in `PluginSecurity.validate_plugin_code` is incomplete and can be bypassed using several Python constructs that are not checked. An attacker who can supply a plugin file can achieve arbitrary code execution within the PySpector process when that plugin is installed and executed. Version 0.1.8 fixes the issue.

Affected products

parzivalhack — pyspector

Does this affect you?

Add your gear to cvedb and we'll alert you only when parzivalhack ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.