CVE-2026-22702 | pypa virtualenv up to 20.36.0 app_data/lock link following (GHSA-597g-3phw-6986)

A vulnerability, which was classified as critical, has been found in pypa virtualenv up to 20.36.0. Affected is the function app_data/lock. Performing a manipulation results in link following.

This vulnerability was named CVE-2026-22702. The attack needs to be approached locally. There is no available exploit.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More