HIGH
befeleme
CVE published 2026-05-09
CVE-2026-42301
CVE-2026-42301 describes a build-time code execution issue in pyp2spec before 0.14.1. The tool wrote PyPI package metadata into generated Fedora RPM spec files without escaping RPM macro directives. When a packager runs rpmbuild, those directives can be evaluated, allowing a malicious package to execute commands on the build machine. The issue was patched in pyp2spec 0.14.1.
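The class of fix this implies, as an added example that is not pyp2spec's code or its 0.14.1 patch: metadata values are escaped by doubling `%` (RPM expands `%%` to a literal `%`) before they are written to the spec, and a generated spec is audited for metadata tags that still carry an expandable `%`. The function names, the tag set and the sample metadata are assumptions made for illustration.

```python
import re

# Tags whose values come straight from PyPI metadata (assumed set for this sketch).
METADATA_TAGS = ("Summary", "License", "URL")


def escape_rpm_macros(value):
    """Double every '%' so rpm emits it literally instead of expanding it."""
    return str(value).replace("%", "%%")


def live_percent_offsets(text):
    """Offsets of '%' runs of odd length: the last '%' in such a run is unescaped."""
    return [m.start() for m in re.finditer(r"%+", text) if len(m.group()) % 2]


def render_tags(metadata):
    """Render the metadata-derived tag lines with every value escaped."""
    return "\n".join(
        f"{tag}: {escape_rpm_macros(metadata[tag.lower()])}" for tag in METADATA_TAGS
    )


def audit_spec(spec_text, tags=METADATA_TAGS):
    """Return the tags in a generated spec whose value still holds a live '%'."""
    flagged = []
    for line in spec_text.splitlines():
        tag, sep, value = line.partition(":")
        if sep and tag.strip() in tags and live_percent_offsets(value):
            flagged.append(tag.strip())
    return flagged


# Constructed metadata, not taken from any real package.
SAMPLE = {
    "summary": "Fast %{constructed_macro} parser, 100% typed",
    "license": "MIT",
    "url": "https://example.invalid/demo",
}

if __name__ == "__main__":
    unescaped = "\n".join(f"{t}: {SAMPLE[t.lower()]}" for t in METADATA_TAGS)
    print("before escaping:", audit_spec(unescaped))
    print("after escaping: ", audit_spec(render_tags(SAMPLE)))
```

The audit is limited to metadata-derived tags because macros the generator itself writes elsewhere in a spec are legitimate and expected.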