PatchSiren

pypa CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM pypa CVE published 2026-07-08

CVE-2026-59890

The CVE record was published on 2026-07-08T17:17:27.020Z and has not been modified since then. The NVD entry is currently Awaiting Analysis. This MEDIUM severity vulnerability affects setuptools, a package for downloading, building, installing, upgrading, and uninstalling Python packages. The vulnerability allows an NFD file name to bypass an NFC exclusion rule and be packed into a source distribution on [truncated]