Search

Find a vulnerability

Search criteria

    Related vulnerabilities

    GHSA-GHQ2-5C67-FPRM

    Vulnerability from github – Published: 2026-06-10 20:32 – Updated: 2026-06-10 20:32
    VLAI
    Summary
    PDM: Project-Local State and Config Writes Follow Symlinks
    Details

    Summary

    PDM writes several project-local state or configuration files without symlink protection. If a malicious repository places those files as symlinks, local PDM operations can overwrite the symlink targets.

    This creates an arbitrary file clobber primitive relative to the privileges of the invoking user.

    Affected Behavior

    • Project-local config writes can affect files outside the repository
    • The most stable demonstrated sink is pdm.toml
    • Related sinks include .pdm-python and .python-version

    Affected Code

    • src/pdm/project/config.py:303-350
    • src/pdm/project/core.py:209-217
    • src/pdm/cli/commands/use.py:187-189

    Technical Details

    Config.__init__() resolves the project-local pdm.toml path and _save_config() writes to the resolved target. If PROJECT_ROOT/pdm.toml is a symlink to another file, pdm config -l ... updates the target file instead of refusing the write.

    The same general problem exists for other project-local persistence paths that are written directly with no lstat / O_NOFOLLOW protection.

    For the pdm.toml PoC specifically, the target file must already contain parseable TOML. Otherwise the load step fails before the write path is reached. That parser constraint does not apply to the .pdm-python or .python-version sinks.

    Impact

    • Arbitrary file clobber as the invoking user
    • Destructive modification of local files outside the repository root
    • Useful primitive for privilege abuse when pdm is run in elevated contexts

    Reproduction

    PoC:

    # Replace this with a Python interpreter that can run `python -m pdm`.
    PDM_PY=/path/to/python-with-pdm
    tmpdir=$(mktemp -d)
    target="$tmpdir/clobbered-target.toml"
    
    cat > "$target" <<'EOF'
    [seed]
    value = 1
    EOF
    
    ln -s "$target" "$tmpdir/pdm.toml"
    
    cat > "$tmpdir/pyproject.toml" <<'EOF'
    [project]
    name = "symlink-clobber-demo"
    version = "0.0.1"
    EOF
    
    (
      cd "$tmpdir" &&
      "$PDM_PY" -m pdm config -l venv.in_project false
    )
    
    cat "$target"
    

    Expected result:

    • A temporary project is created
    • pdm.toml is a symlink to another TOML file
    • Running pdm config -l venv.in_project false modifies the symlink target

    Observed output from local validation:

    --- target ---
    [seed]
    value = 1
    
    [venv]
    in_project = false
    

    Severity

    Medium

    CVSS v4.0

    • Base score: 6.8 (Medium)
    • Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

    Rationale:

    • AV:L: exploitation requires local execution of pdm against an attacker-prepared checkout
    • AC:L: there is no complex constraint once the symlink sink exists
    • AT:N: no extra prerequisite beyond the victim running the relevant command is required
    • PR:N: the attacker does not need prior privileges on the victim system
    • UI:A: the victim must actively run a command that writes project-local state or config
    • VC:N: the demonstrated issue is a write primitive, not a direct read primitive
    • VI:H: the attacker can cause unauthorized modification of files outside the repository root
    • VA:L: file clobber can disrupt local operation, but direct same-step availability impact is lower than a full RCE
    • SC:N/SI:N/SA:N: the base score is limited to the directly affected system

    Root Cause

    Project-local file sinks are treated as trusted regular files and are written without symlink checks or guarded atomic replacement.

    Recommended Remediation

    • Refuse to write project-local config/state files when the destination is a symlink
    • Use lstat and O_NOFOLLOW where available
    • Avoid resolving attacker-controlled project-local paths before writing
    • Use atomic temp-file replacement only after confirming the destination is a regular file

    Disclosure Notes

    This issue is independent from the code-execution issues above. It is best tracked as a separate CVE candidate because the root cause and remediation are different.

    Show details on source website

    {
      "affected": [
        {
          "package": {
            "ecosystem": "PyPI",
            "name": "pdm"
          },
          "ranges": [
            {
              "events": [
                {
                  "introduced": "0"
                },
                {
                  "fixed": "2.27.0"
                }
              ],
              "type": "ECOSYSTEM"
            }
          ]
        }
      ],
      "aliases": [
        "CVE-2026-47763"
      ],
      "database_specific": {
        "cwe_ids": [
          "CWE-61"
        ],
        "github_reviewed": true,
        "github_reviewed_at": "2026-06-10T20:32:56Z",
        "nvd_published_at": null,
        "severity": "MODERATE"
      },
      "details": "## Summary\n\nPDM writes several project-local state or configuration files without symlink protection. If a malicious repository places those files as symlinks, local PDM operations can overwrite the symlink targets.\n\nThis creates an arbitrary file clobber primitive relative to the privileges of the invoking user.\n\n## Affected Behavior\n\n- Project-local config writes can affect files outside the repository\n- The most stable demonstrated sink is `pdm.toml`\n- Related sinks include `.pdm-python` and `.python-version`\n\n## Affected Code\n\n- `src/pdm/project/config.py:303-350`\n- `src/pdm/project/core.py:209-217`\n- `src/pdm/cli/commands/use.py:187-189`\n\n## Technical Details\n\n`Config.__init__()` resolves the project-local `pdm.toml` path and `_save_config()` writes to the resolved target. If `PROJECT_ROOT/pdm.toml` is a symlink to another file, `pdm config -l ...` updates the target file instead of refusing the write.\n\nThe same general problem exists for other project-local persistence paths that are written directly with no `lstat` / `O_NOFOLLOW` protection.\n\nFor the `pdm.toml` PoC specifically, the target file must already contain parseable TOML. Otherwise the load step fails before the write path is reached. That parser constraint does not apply to the `.pdm-python` or `.python-version` sinks.\n\n## Impact\n\n- Arbitrary file clobber as the invoking user\n- Destructive modification of local files outside the repository root\n- Useful primitive for privilege abuse when `pdm` is run in elevated contexts\n\n## Reproduction\n\nPoC:\n\n```bash\n# Replace this with a Python interpreter that can run `python -m pdm`.\nPDM_PY=/path/to/python-with-pdm\ntmpdir=$(mktemp -d)\ntarget=\"$tmpdir/clobbered-target.toml\"\n\ncat \u003e \"$target\" \u003c\u003c\u0027EOF\u0027\n[seed]\nvalue = 1\nEOF\n\nln -s \"$target\" \"$tmpdir/pdm.toml\"\n\ncat \u003e \"$tmpdir/pyproject.toml\" \u003c\u003c\u0027EOF\u0027\n[project]\nname = \"symlink-clobber-demo\"\nversion = \"0.0.1\"\nEOF\n\n(\n  cd \"$tmpdir\" \u0026\u0026\n  \"$PDM_PY\" -m pdm config -l venv.in_project false\n)\n\ncat \"$target\"\n```\n\nExpected result:\n\n- A temporary project is created\n- `pdm.toml` is a symlink to another TOML file\n- Running `pdm config -l venv.in_project false` modifies the symlink target\n\nObserved output from local validation:\n\n```text\n--- target ---\n[seed]\nvalue = 1\n\n[venv]\nin_project = false\n```\n\n## Severity\n\nMedium\n\n## CVSS v4.0\n\n- Base score: `6.8` (`Medium`)\n- Vector: `CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N`\n\nRationale:\n\n- `AV:L`: exploitation requires local execution of `pdm` against an attacker-prepared checkout\n- `AC:L`: there is no complex constraint once the symlink sink exists\n- `AT:N`: no extra prerequisite beyond the victim running the relevant command is required\n- `PR:N`: the attacker does not need prior privileges on the victim system\n- `UI:A`: the victim must actively run a command that writes project-local state or config\n- `VC:N`: the demonstrated issue is a write primitive, not a direct read primitive\n- `VI:H`: the attacker can cause unauthorized modification of files outside the repository root\n- `VA:L`: file clobber can disrupt local operation, but direct same-step availability impact is lower than a full RCE\n- `SC:N/SI:N/SA:N`: the base score is limited to the directly affected system\n\n## Root Cause\n\nProject-local file sinks are treated as trusted regular files and are written without symlink checks or guarded atomic replacement.\n\n## Recommended Remediation\n\n- Refuse to write project-local config/state files when the destination is a symlink\n- Use `lstat` and `O_NOFOLLOW` where available\n- Avoid resolving attacker-controlled project-local paths before writing\n- Use atomic temp-file replacement only after confirming the destination is a regular file\n\n## Disclosure Notes\n\nThis issue is independent from the code-execution issues above. It is best tracked as a separate CVE candidate because the root cause and remediation are different.",
      "id": "GHSA-ghq2-5c67-fprm",
      "modified": "2026-06-10T20:32:56Z",
      "published": "2026-06-10T20:32:56Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/pdm-project/pdm/security/advisories/GHSA-ghq2-5c67-fprm"
        },
        {
          "type": "PACKAGE",
          "url": "https://github.com/pdm-project/pdm"
        },
        {
          "type": "WEB",
          "url": "https://github.com/pdm-project/pdm/releases/tag/2.27.0"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
          "type": "CVSS_V4"
        }
      ],
      "summary": "PDM: Project-Local State and Config Writes Follow Symlinks"
    }

    OPENSUSE-SU-2026:11124-1

    Vulnerability from csaf_opensuse - Published: 2026-06-25 00:00 - Updated: 2026-06-25 00:00
    Summary
    python311-pdm-2.28.0-1.1 on GA media
    Severity
    Moderate
    Notes
    Title of the patch: python311-pdm-2.28.0-1.1 on GA media
    Description of the patch: These are all security issues fixed in the python311-pdm-2.28.0-1.1 package on the GA media of openSUSE Tumbleweed.
    Patchnames: openSUSE-Tumbleweed-2026-11124
    Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.x86_64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.x86_64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.x86_64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.x86_64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.x86_64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.x86_64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.x86_64
    Vendor Fix
    Threats
    Impact moderate

    {
      "document": {
        "aggregate_severity": {
          "namespace": "https://www.suse.com/support/security/rating/",
          "text": "moderate"
        },
        "category": "csaf_security_advisory",
        "csaf_version": "2.0",
        "distribution": {
          "text": "Copyright 2024 SUSE LLC. All rights reserved.",
          "tlp": {
            "label": "WHITE",
            "url": "https://www.first.org/tlp/"
          }
        },
        "lang": "en",
        "notes": [
          {
            "category": "summary",
            "text": "python311-pdm-2.28.0-1.1 on GA media",
            "title": "Title of the patch"
          },
          {
            "category": "description",
            "text": "These are all security issues fixed in the python311-pdm-2.28.0-1.1 package on the GA media of openSUSE Tumbleweed.",
            "title": "Description of the patch"
          },
          {
            "category": "details",
            "text": "openSUSE-Tumbleweed-2026-11124",
            "title": "Patchnames"
          },
          {
            "category": "legal_disclaimer",
            "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            "title": "Terms of use"
          }
        ],
        "publisher": {
          "category": "vendor",
          "contact_details": "https://www.suse.com/support/security/contact/",
          "name": "SUSE Product Security Team",
          "namespace": "https://www.suse.com/"
        },
        "references": [
          {
            "category": "external",
            "summary": "SUSE ratings",
            "url": "https://www.suse.com/support/security/rating/"
          },
          {
            "category": "self",
            "summary": "URL of this CSAF notice",
            "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11124-1.json"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-47763 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-47763/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-47764 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-47764/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-47781 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-47781/"
          }
        ],
        "title": "python311-pdm-2.28.0-1.1 on GA media",
        "tracking": {
          "current_release_date": "2026-06-25T00:00:00Z",
          "generator": {
            "date": "2026-06-25T00:00:00Z",
            "engine": {
              "name": "cve-database.git:bin/generate-csaf.pl",
              "version": "1"
            }
          },
          "id": "openSUSE-SU-2026:11124-1",
          "initial_release_date": "2026-06-25T00:00:00Z",
          "revision_history": [
            {
              "date": "2026-06-25T00:00:00Z",
              "number": "1",
              "summary": "Current version"
            }
          ],
          "status": "final",
          "version": "1"
        }
      },
      "product_tree": {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "python311-pdm-2.28.0-1.1.aarch64",
                    "product": {
                      "name": "python311-pdm-2.28.0-1.1.aarch64",
                      "product_id": "python311-pdm-2.28.0-1.1.aarch64"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "python313-pdm-2.28.0-1.1.aarch64",
                    "product": {
                      "name": "python313-pdm-2.28.0-1.1.aarch64",
                      "product_id": "python313-pdm-2.28.0-1.1.aarch64"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "python314-pdm-2.28.0-1.1.aarch64",
                    "product": {
                      "name": "python314-pdm-2.28.0-1.1.aarch64",
                      "product_id": "python314-pdm-2.28.0-1.1.aarch64"
                    }
                  }
                ],
                "category": "architecture",
                "name": "aarch64"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "python311-pdm-2.28.0-1.1.ppc64le",
                    "product": {
                      "name": "python311-pdm-2.28.0-1.1.ppc64le",
                      "product_id": "python311-pdm-2.28.0-1.1.ppc64le"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "python313-pdm-2.28.0-1.1.ppc64le",
                    "product": {
                      "name": "python313-pdm-2.28.0-1.1.ppc64le",
                      "product_id": "python313-pdm-2.28.0-1.1.ppc64le"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "python314-pdm-2.28.0-1.1.ppc64le",
                    "product": {
                      "name": "python314-pdm-2.28.0-1.1.ppc64le",
                      "product_id": "python314-pdm-2.28.0-1.1.ppc64le"
                    }
                  }
                ],
                "category": "architecture",
                "name": "ppc64le"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "python311-pdm-2.28.0-1.1.s390x",
                    "product": {
                      "name": "python311-pdm-2.28.0-1.1.s390x",
                      "product_id": "python311-pdm-2.28.0-1.1.s390x"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "python313-pdm-2.28.0-1.1.s390x",
                    "product": {
                      "name": "python313-pdm-2.28.0-1.1.s390x",
                      "product_id": "python313-pdm-2.28.0-1.1.s390x"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "python314-pdm-2.28.0-1.1.s390x",
                    "product": {
                      "name": "python314-pdm-2.28.0-1.1.s390x",
                      "product_id": "python314-pdm-2.28.0-1.1.s390x"
                    }
                  }
                ],
                "category": "architecture",
                "name": "s390x"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "python311-pdm-2.28.0-1.1.x86_64",
                    "product": {
                      "name": "python311-pdm-2.28.0-1.1.x86_64",
                      "product_id": "python311-pdm-2.28.0-1.1.x86_64"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "python313-pdm-2.28.0-1.1.x86_64",
                    "product": {
                      "name": "python313-pdm-2.28.0-1.1.x86_64",
                      "product_id": "python313-pdm-2.28.0-1.1.x86_64"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "python314-pdm-2.28.0-1.1.x86_64",
                    "product": {
                      "name": "python314-pdm-2.28.0-1.1.x86_64",
                      "product_id": "python314-pdm-2.28.0-1.1.x86_64"
                    }
                  }
                ],
                "category": "architecture",
                "name": "x86_64"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "openSUSE Tumbleweed",
                    "product": {
                      "name": "openSUSE Tumbleweed",
                      "product_id": "openSUSE Tumbleweed",
                      "product_identification_helper": {
                        "cpe": "cpe:/o:opensuse:tumbleweed"
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "SUSE Linux Enterprise"
              }
            ],
            "category": "vendor",
            "name": "SUSE"
          }
        ],
        "relationships": [
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "python311-pdm-2.28.0-1.1.aarch64 as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.aarch64"
            },
            "product_reference": "python311-pdm-2.28.0-1.1.aarch64",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "python311-pdm-2.28.0-1.1.ppc64le as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.ppc64le"
            },
            "product_reference": "python311-pdm-2.28.0-1.1.ppc64le",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "python311-pdm-2.28.0-1.1.s390x as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.s390x"
            },
            "product_reference": "python311-pdm-2.28.0-1.1.s390x",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "python311-pdm-2.28.0-1.1.x86_64 as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.x86_64"
            },
            "product_reference": "python311-pdm-2.28.0-1.1.x86_64",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "python313-pdm-2.28.0-1.1.aarch64 as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.aarch64"
            },
            "product_reference": "python313-pdm-2.28.0-1.1.aarch64",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "python313-pdm-2.28.0-1.1.ppc64le as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.ppc64le"
            },
            "product_reference": "python313-pdm-2.28.0-1.1.ppc64le",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "python313-pdm-2.28.0-1.1.s390x as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.s390x"
            },
            "product_reference": "python313-pdm-2.28.0-1.1.s390x",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "python313-pdm-2.28.0-1.1.x86_64 as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.x86_64"
            },
            "product_reference": "python313-pdm-2.28.0-1.1.x86_64",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "python314-pdm-2.28.0-1.1.aarch64 as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.aarch64"
            },
            "product_reference": "python314-pdm-2.28.0-1.1.aarch64",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "python314-pdm-2.28.0-1.1.ppc64le as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.ppc64le"
            },
            "product_reference": "python314-pdm-2.28.0-1.1.ppc64le",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "python314-pdm-2.28.0-1.1.s390x as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.s390x"
            },
            "product_reference": "python314-pdm-2.28.0-1.1.s390x",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "python314-pdm-2.28.0-1.1.x86_64 as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.x86_64"
            },
            "product_reference": "python314-pdm-2.28.0-1.1.x86_64",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          }
        ]
      },
      "vulnerabilities": [
        {
          "cve": "CVE-2026-47763",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-47763"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "unknown",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.aarch64",
              "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.ppc64le",
              "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.s390x",
              "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.x86_64",
              "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.aarch64",
              "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.ppc64le",
              "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.s390x",
              "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.x86_64",
              "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.aarch64",
              "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.ppc64le",
              "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.s390x",
              "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-47763",
              "url": "https://www.suse.com/security/cve/CVE-2026-47763"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1268384 for CVE-2026-47763",
              "url": "https://bugzilla.suse.com/1268384"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.aarch64",
                "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.ppc64le",
                "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.s390x",
                "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.x86_64",
                "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.aarch64",
                "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.ppc64le",
                "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.s390x",
                "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.x86_64",
                "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.aarch64",
                "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.ppc64le",
                "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.s390x",
                "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-06-25T00:00:00Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-47763"
        },
        {
          "cve": "CVE-2026-47764",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-47764"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "unknown",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.aarch64",
              "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.ppc64le",
              "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.s390x",
              "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.x86_64",
              "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.aarch64",
              "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.ppc64le",
              "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.s390x",
              "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.x86_64",
              "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.aarch64",
              "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.ppc64le",
              "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.s390x",
              "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-47764",
              "url": "https://www.suse.com/security/cve/CVE-2026-47764"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1268385 for CVE-2026-47764",
              "url": "https://bugzilla.suse.com/1268385"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.aarch64",
                "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.ppc64le",
                "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.s390x",
                "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.x86_64",
                "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.aarch64",
                "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.ppc64le",
                "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.s390x",
                "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.x86_64",
                "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.aarch64",
                "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.ppc64le",
                "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.s390x",
                "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-06-25T00:00:00Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-47764"
        },
        {
          "cve": "CVE-2026-47781",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-47781"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "unknown",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.aarch64",
              "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.ppc64le",
              "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.s390x",
              "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.x86_64",
              "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.aarch64",
              "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.ppc64le",
              "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.s390x",
              "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.x86_64",
              "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.aarch64",
              "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.ppc64le",
              "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.s390x",
              "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-47781",
              "url": "https://www.suse.com/security/cve/CVE-2026-47781"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1268386 for CVE-2026-47781",
              "url": "https://bugzilla.suse.com/1268386"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.aarch64",
                "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.ppc64le",
                "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.s390x",
                "openSUSE Tumbleweed:python311-pdm-2.28.0-1.1.x86_64",
                "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.aarch64",
                "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.ppc64le",
                "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.s390x",
                "openSUSE Tumbleweed:python313-pdm-2.28.0-1.1.x86_64",
                "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.aarch64",
                "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.ppc64le",
                "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.s390x",
                "openSUSE Tumbleweed:python314-pdm-2.28.0-1.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-06-25T00:00:00Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-47781"
        }
      ]
    }

    PYSEC-2026-2862

    Vulnerability from pysec - Published: 2026-07-13 15:46 - Updated: 2026-07-13 16:05
    VLAI
    Details

    Summary

    PDM writes several project-local state or configuration files without symlink protection. If a malicious repository places those files as symlinks, local PDM operations can overwrite the symlink targets.

    This creates an arbitrary file clobber primitive relative to the privileges of the invoking user.

    Affected Behavior

    • Project-local config writes can affect files outside the repository
    • The most stable demonstrated sink is pdm.toml
    • Related sinks include .pdm-python and .python-version

    Affected Code

    • src/pdm/project/config.py:303-350
    • src/pdm/project/core.py:209-217
    • src/pdm/cli/commands/use.py:187-189

    Technical Details

    Config.__init__() resolves the project-local pdm.toml path and _save_config() writes to the resolved target. If PROJECT_ROOT/pdm.toml is a symlink to another file, pdm config -l ... updates the target file instead of refusing the write.

    The same general problem exists for other project-local persistence paths that are written directly with no lstat / O_NOFOLLOW protection.

    For the pdm.toml PoC specifically, the target file must already contain parseable TOML. Otherwise the load step fails before the write path is reached. That parser constraint does not apply to the .pdm-python or .python-version sinks.

    Impact

    • Arbitrary file clobber as the invoking user
    • Destructive modification of local files outside the repository root
    • Useful primitive for privilege abuse when pdm is run in elevated contexts

    Reproduction

    PoC:

    # Replace this with a Python interpreter that can run `python -m pdm`.
    PDM_PY=/path/to/python-with-pdm
    tmpdir=$(mktemp -d)
    target="$tmpdir/clobbered-target.toml"
    
    cat > "$target" <<'EOF'
    [seed]
    value = 1
    EOF
    
    ln -s "$target" "$tmpdir/pdm.toml"
    
    cat > "$tmpdir/pyproject.toml" <<'EOF'
    [project]
    name = "symlink-clobber-demo"
    version = "0.0.1"
    EOF
    
    (
      cd "$tmpdir" &&
      "$PDM_PY" -m pdm config -l venv.in_project false
    )
    
    cat "$target"
    

    Expected result:

    • A temporary project is created
    • pdm.toml is a symlink to another TOML file
    • Running pdm config -l venv.in_project false modifies the symlink target

    Observed output from local validation:

    --- target ---
    [seed]
    value = 1
    
    [venv]
    in_project = false
    

    Severity

    Medium

    CVSS v4.0

    • Base score: 6.8 (Medium)
    • Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

    Rationale:

    • AV:L: exploitation requires local execution of pdm against an attacker-prepared checkout
    • AC:L: there is no complex constraint once the symlink sink exists
    • AT:N: no extra prerequisite beyond the victim running the relevant command is required
    • PR:N: the attacker does not need prior privileges on the victim system
    • UI:A: the victim must actively run a command that writes project-local state or config
    • VC:N: the demonstrated issue is a write primitive, not a direct read primitive
    • VI:H: the attacker can cause unauthorized modification of files outside the repository root
    • VA:L: file clobber can disrupt local operation, but direct same-step availability impact is lower than a full RCE
    • SC:N/SI:N/SA:N: the base score is limited to the directly affected system

    Root Cause

    Project-local file sinks are treated as trusted regular files and are written without symlink checks or guarded atomic replacement.

    Recommended Remediation

    • Refuse to write project-local config/state files when the destination is a symlink
    • Use lstat and O_NOFOLLOW where available
    • Avoid resolving attacker-controlled project-local paths before writing
    • Use atomic temp-file replacement only after confirming the destination is a regular file

    Disclosure Notes

    This issue is independent from the code-execution issues above. It is best tracked as a separate CVE candidate because the root cause and remediation are different.

    Impacted products
    Name purl
    pdm pkg:pypi/pdm

    {
      "affected": [
        {
          "package": {
            "ecosystem": "PyPI",
            "name": "pdm",
            "purl": "pkg:pypi/pdm"
          },
          "ranges": [
            {
              "events": [
                {
                  "introduced": "0"
                },
                {
                  "fixed": "2.27.0"
                }
              ],
              "type": "ECOSYSTEM"
            }
          ],
          "versions": [
            "0.0.0",
            "0.0.1",
            "0.0.3",
            "0.0.4",
            "0.0.5",
            "0.0.6",
            "0.1.0",
            "0.1.1",
            "0.1.2",
            "0.10.0",
            "0.10.1",
            "0.10.2",
            "0.11.0",
            "0.12.0",
            "0.12.1",
            "0.12.2",
            "0.12.3",
            "0.2.0",
            "0.2.1",
            "0.2.2",
            "0.2.3",
            "0.2.4",
            "0.2.5",
            "0.2.6",
            "0.3.0",
            "0.3.1",
            "0.3.2",
            "0.4.0",
            "0.4.1",
            "0.4.2",
            "0.5.0",
            "0.6.0",
            "0.6.1",
            "0.6.2",
            "0.6.3",
            "0.6.4",
            "0.6.5",
            "0.7.0",
            "0.7.1",
            "0.8.0",
            "0.8.1",
            "0.8.2",
            "0.8.3",
            "0.8.4",
            "0.8.5",
            "0.8.6",
            "0.8.7",
            "0.9.0",
            "0.9.1",
            "0.9.2",
            "1.0.0",
            "1.0.0b0",
            "1.0.0b2",
            "1.1.0",
            "1.10.0",
            "1.10.1",
            "1.10.2",
            "1.10.3",
            "1.11.0",
            "1.11.1",
            "1.11.2",
            "1.11.3",
            "1.12.0",
            "1.12.1",
            "1.12.2",
            "1.12.3",
            "1.12.4",
            "1.12.5",
            "1.12.6",
            "1.12.7",
            "1.12.8",
            "1.13.0",
            "1.13.0.post0",
            "1.13.1",
            "1.13.2",
            "1.13.3",
            "1.13.4",
            "1.13.5",
            "1.13.6",
            "1.14.0",
            "1.14.1",
            "1.15.0",
            "1.15.1",
            "1.15.2",
            "1.15.3",
            "1.15.4",
            "1.15.5",
            "1.2.0",
            "1.2.0.post1",
            "1.3.0",
            "1.3.1",
            "1.3.2",
            "1.3.3",
            "1.3.4",
            "1.4.0",
            "1.4.1",
            "1.4.2",
            "1.4.3",
            "1.4.4",
            "1.4.5",
            "1.5.0",
            "1.5.0b0",
            "1.5.0b1",
            "1.5.1",
            "1.5.2",
            "1.5.3",
            "1.6.0",
            "1.6.1",
            "1.6.2",
            "1.6.3",
            "1.6.4",
            "1.7.0",
            "1.7.1",
            "1.7.2",
            "1.8.0",
            "1.8.1",
            "1.8.2",
            "1.8.3",
            "1.8.4",
            "1.8.5",
            "1.9.0",
            "2.0.0",
            "2.0.0a1",
            "2.0.0b1",
            "2.0.0b2",
            "2.0.1",
            "2.0.2",
            "2.0.3",
            "2.1.0",
            "2.1.1",
            "2.1.2",
            "2.1.3",
            "2.1.4",
            "2.1.5",
            "2.10.0",
            "2.10.1",
            "2.10.2",
            "2.10.3",
            "2.10.4",
            "2.11.0",
            "2.11.1",
            "2.11.2",
            "2.12.0",
            "2.12.1",
            "2.12.2",
            "2.12.3",
            "2.12.4",
            "2.13.0",
            "2.13.1",
            "2.13.2",
            "2.13.3",
            "2.14.0",
            "2.15.0",
            "2.15.1",
            "2.15.2",
            "2.15.3",
            "2.15.4",
            "2.16.0",
            "2.16.1",
            "2.17.0",
            "2.17.1",
            "2.17.2",
            "2.17.3",
            "2.18.0",
            "2.18.1",
            "2.18.2",
            "2.19.0",
            "2.19.0a0",
            "2.19.1",
            "2.19.2",
            "2.19.3",
            "2.2.0",
            "2.2.1",
            "2.20.0",
            "2.20.0.post1",
            "2.20.1",
            "2.21.0",
            "2.22.0",
            "2.22.1",
            "2.22.2",
            "2.22.3",
            "2.22.4",
            "2.23.0",
            "2.23.1",
            "2.24.0",
            "2.24.1",
            "2.24.2",
            "2.25.0",
            "2.25.1",
            "2.25.2",
            "2.25.3",
            "2.25.4",
            "2.25.5",
            "2.25.6",
            "2.25.7",
            "2.25.8",
            "2.25.9",
            "2.26.0",
            "2.26.1",
            "2.26.2",
            "2.26.3",
            "2.26.4",
            "2.26.5",
            "2.26.6",
            "2.26.7",
            "2.26.8",
            "2.26.9",
            "2.3.0",
            "2.3.1",
            "2.3.2",
            "2.3.3",
            "2.3.4",
            "2.4.0",
            "2.4.1",
            "2.4.2",
            "2.4.3",
            "2.4.4",
            "2.4.5",
            "2.4.6",
            "2.4.7",
            "2.4.8",
            "2.4.9",
            "2.5.0",
            "2.5.0b0",
            "2.5.1",
            "2.5.2",
            "2.5.3",
            "2.5.4",
            "2.5.5",
            "2.5.6",
            "2.6.0",
            "2.6.1",
            "2.7.0",
            "2.7.1",
            "2.7.2",
            "2.7.3",
            "2.7.4",
            "2.8.0",
            "2.8.0a0",
            "2.8.0a1",
            "2.8.0a2",
            "2.8.1",
            "2.8.2",
            "2.9.0",
            "2.9.1",
            "2.9.2",
            "2.9.3"
          ]
        }
      ],
      "aliases": [
        "CVE-2026-47763",
        "GHSA-ghq2-5c67-fprm"
      ],
      "details": "## Summary\n\nPDM writes several project-local state or configuration files without symlink protection. If a malicious repository places those files as symlinks, local PDM operations can overwrite the symlink targets.\n\nThis creates an arbitrary file clobber primitive relative to the privileges of the invoking user.\n\n## Affected Behavior\n\n- Project-local config writes can affect files outside the repository\n- The most stable demonstrated sink is `pdm.toml`\n- Related sinks include `.pdm-python` and `.python-version`\n\n## Affected Code\n\n- `src/pdm/project/config.py:303-350`\n- `src/pdm/project/core.py:209-217`\n- `src/pdm/cli/commands/use.py:187-189`\n\n## Technical Details\n\n`Config.__init__()` resolves the project-local `pdm.toml` path and `_save_config()` writes to the resolved target. If `PROJECT_ROOT/pdm.toml` is a symlink to another file, `pdm config -l ...` updates the target file instead of refusing the write.\n\nThe same general problem exists for other project-local persistence paths that are written directly with no `lstat` / `O_NOFOLLOW` protection.\n\nFor the `pdm.toml` PoC specifically, the target file must already contain parseable TOML. Otherwise the load step fails before the write path is reached. That parser constraint does not apply to the `.pdm-python` or `.python-version` sinks.\n\n## Impact\n\n- Arbitrary file clobber as the invoking user\n- Destructive modification of local files outside the repository root\n- Useful primitive for privilege abuse when `pdm` is run in elevated contexts\n\n## Reproduction\n\nPoC:\n\n```bash\n# Replace this with a Python interpreter that can run `python -m pdm`.\nPDM_PY=/path/to/python-with-pdm\ntmpdir=$(mktemp -d)\ntarget=\"$tmpdir/clobbered-target.toml\"\n\ncat \u003e \"$target\" \u003c\u003c\u0027EOF\u0027\n[seed]\nvalue = 1\nEOF\n\nln -s \"$target\" \"$tmpdir/pdm.toml\"\n\ncat \u003e \"$tmpdir/pyproject.toml\" \u003c\u003c\u0027EOF\u0027\n[project]\nname = \"symlink-clobber-demo\"\nversion = \"0.0.1\"\nEOF\n\n(\n  cd \"$tmpdir\" \u0026\u0026\n  \"$PDM_PY\" -m pdm config -l venv.in_project false\n)\n\ncat \"$target\"\n```\n\nExpected result:\n\n- A temporary project is created\n- `pdm.toml` is a symlink to another TOML file\n- Running `pdm config -l venv.in_project false` modifies the symlink target\n\nObserved output from local validation:\n\n```text\n--- target ---\n[seed]\nvalue = 1\n\n[venv]\nin_project = false\n```\n\n## Severity\n\nMedium\n\n## CVSS v4.0\n\n- Base score: `6.8` (`Medium`)\n- Vector: `CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N`\n\nRationale:\n\n- `AV:L`: exploitation requires local execution of `pdm` against an attacker-prepared checkout\n- `AC:L`: there is no complex constraint once the symlink sink exists\n- `AT:N`: no extra prerequisite beyond the victim running the relevant command is required\n- `PR:N`: the attacker does not need prior privileges on the victim system\n- `UI:A`: the victim must actively run a command that writes project-local state or config\n- `VC:N`: the demonstrated issue is a write primitive, not a direct read primitive\n- `VI:H`: the attacker can cause unauthorized modification of files outside the repository root\n- `VA:L`: file clobber can disrupt local operation, but direct same-step availability impact is lower than a full RCE\n- `SC:N/SI:N/SA:N`: the base score is limited to the directly affected system\n\n## Root Cause\n\nProject-local file sinks are treated as trusted regular files and are written without symlink checks or guarded atomic replacement.\n\n## Recommended Remediation\n\n- Refuse to write project-local config/state files when the destination is a symlink\n- Use `lstat` and `O_NOFOLLOW` where available\n- Avoid resolving attacker-controlled project-local paths before writing\n- Use atomic temp-file replacement only after confirming the destination is a regular file\n\n## Disclosure Notes\n\nThis issue is independent from the code-execution issues above. It is best tracked as a separate CVE candidate because the root cause and remediation are different.",
      "id": "PYSEC-2026-2862",
      "modified": "2026-07-13T16:05:29.440146Z",
      "published": "2026-07-13T15:46:16.027754Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/pdm-project/pdm/security/advisories/GHSA-ghq2-5c67-fprm"
        },
        {
          "type": "PACKAGE",
          "url": "https://github.com/pdm-project/pdm"
        },
        {
          "type": "WEB",
          "url": "https://github.com/pdm-project/pdm/releases/tag/2.27.0"
        },
        {
          "type": "PACKAGE",
          "url": "https://pypi.org/project/pdm"
        },
        {
          "type": "ADVISORY",
          "url": "https://github.com/advisories/GHSA-ghq2-5c67-fprm"
        },
        {
          "type": "ADVISORY",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47763"
        }
      ],
      "severity": [
        {
          "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
          "type": "CVSS_V4"
        }
      ],
      "summary": "PDM: Project-Local State and Config Writes Follow Symlinks"
    }