There is a LOW severity vulnerability
affecting CPython.

pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.

Please see the linked CVE ID for the latest information on
affected versions:

* https://www.cve.org/CVERecord?id=CVE-2026-3479
* https://github.com/python/cpython/pull/146122