MEDIUM
danifus
CVE published 2026-07-17
CVE-2026-44722
CVE-2026-44722 is a MEDIUM severity vulnerability in pyzipper, a Python replacement for zipfile that can read and write AES encrypted zip files. The issue, now fixed in version 0.4.0, involves a Python operator precedence bug in pyzipper/zipfile_aes.py that caused the AE-2 format to never be automatically selected during encryption. As a result, encrypted entries were written in AE-1 format, exposing the [truncated]