HIGH
conda-forge
CVE published 2026-06-18
CVE-2026-46699
CVE-2026-46699 is a high-severity vulnerability in conda-smithy, a tool for combining conda recipes with configurations for building on freely hosted CI services. The vulnerability, caused by the use of mutable GitHub usernames as identifiers for repository invitation routing, allows unintended write access to feedstock repositories through GitHub username takeover. This issue was addressed in version 3.6 [truncated]