CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Virtualenv: >> Virtualenv >> 20.33.1 Security Vulnerabilities

CVE-2026-22702

virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and creation to redirect virtualenv's app_data and lock file operations to attacker-controlled locations. This issue has been patched in version 20.36.1.

CVSS Score

4.5

EPSS Score

0.0

Published

2026-01-10

Page 1

Vulnerabilities

Vulnerable Software

Virtualenv: >> Virtualenv >> 20.33.1 Security Vulnerabilities

Products

Pricing

Contact Us