PatchSiren

conda-forge CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH conda-forge CVE published 2026-06-18

CVE-2026-46699

CVE-2026-46699 is a high-severity vulnerability in conda-smithy, a tool for combining conda recipes with configurations for building on freely hosted CI services. The vulnerability, caused by the use of mutable GitHub usernames as identifiers for repository invitation routing, allows unintended write access to feedstock repositories through GitHub username takeover. This issue was addressed in version 3.6 [truncated]