CVE-2026-28684 | theskumar python-dotenv up to 1.2.1 set_key/unset_key link following (GHSA-mf9w-mj56-hr94)

A vulnerability, which was classified as critical, has been found in theskumar python-dotenv up to 1.2.1. This vulnerability affects the function set_key/unset_key. Performing a manipulation results in link following.

This vulnerability is reported as CVE-2026-28684. The attack requires a local approach. No exploit exists.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More