HIGH
danthedeckie
CVE published 2026-03-16
CVE-2026-32640
The SimpleEval library, used for adding evaluatable expressions to Python projects, has a critical vulnerability (CVE-2026-32640) that allows objects, including modules, to leak dangerous modules through direct access inside the sandbox. This issue, fixed in version 1.0.5, enables attackers to access dangerous functions or modules by passing them as callbacks to safe functions. The vulnerability has a CVS [truncated]