CVE-2026-12003 Overview
CVE-2026-12003 is an untrusted search path vulnerability [CWE-427] affecting CPython builds on Windows. The flaw resides in how Python resolves the VPATH build-time variable to locate the Modules/setup.local landmark file. On Windows, VPATH is set to ..\.. relative to the PCbuild/ build output, causing Python to search for ..\..\Modules\setup.local outside the installation directory. When Python is installed to the legacy default location at the root of the OS drive, low-privilege users can create that landmark and a matching Lib folder. A restricted install then loads attacker-controlled modules, enabling local privilege escalation.
Critical Impact
A local low-privilege user can place a malicious Modules\setup.local and Lib directory outside the Python install path, causing privileged Python processes to load attacker-controlled code.
Affected Products
- CPython on Windows installed via the legacy EXE installer to the default all-users location
- Python 3.13 and 3.14 receive updated legacy installers; earlier branches receive source-only fixes
- Non-Windows platforms are generally unaffected because their build output is not placed in a separate binary directory
Discovery Timeline
- 2026-06-16 - CVE-2026-12003 published to NVD
- 2026-06-17 - Last updated in NVD database
Technical Details for CVE-2026-12003
Vulnerability Analysis
Python supports running interpreters from in-tree build layouts to ease development. To do so, the build system bakes the VPATH variable into the interpreter and uses it at runtime to locate Modules/setup.local. When this landmark is found relative to the executable, Python switches to a source-tree sys.path instead of the install-tree layout. The fallback persists in release builds so release-ready binaries can also run in-tree.
On Windows, builds emit binaries into PCbuild/, so VPATH is hardcoded to the value ..\.. and at runtime the interpreter probes ..\..\Modules\setup.local relative to its own path. For an install rooted at C:\Python313\, the probed path resolves above the install directory. Windows allows any user to create directories at the root of the system drive, so a non-administrative user can plant the landmark and a sibling Lib directory containing malicious modules. When a privileged user or service later executes Python, the interpreter loads modules from the attacker-controlled Lib.
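The following is an added example written for this advisory, not CPython's own getpath code. It models the probe exactly as described above (a Windows interpreter resolves ..\..\Modules\setup.local relative to the directory holding python.exe and would import from the sibling Lib directory) so an administrator can see, for any install path, where the landmark would be looked for and whether that location is a drive root any user may write to. It then inventories whether the artifacts exist. All function names, the sample install directories and the constructed listing are assumptions of this example.

```python
"""Model the VPATH landmark probe and inventory the artifacts it would honour.

Added example for this advisory, not CPython code.  Assumes, as the advisory
states, that a Windows interpreter probes ..\\..\\Modules\\setup.local
relative to the directory containing python.exe and adds the sibling Lib
directory to sys.path when the landmark exists.
"""
import ntpath
import os
from dataclasses import dataclass

WINDOWS_VPATH = r"..\.."  # build-time value baked into Windows builds (from the advisory)


@dataclass(frozen=True)
class LandmarkProbe:
    install_dir: str        # directory holding python.exe
    ancestor: str           # directory the landmark is resolved under
    setup_local: str        # Modules\setup.local path the interpreter probes
    lib_dir: str            # sibling Lib directory that would be added to sys.path
    escapes_install: bool   # ancestor lies outside the install tree
    at_drive_root: bool     # ancestor is a drive root, where any user may create folders


def landmark_probe(install_dir: str) -> LandmarkProbe:
    """Compute where an interpreter installed at install_dir would look for the landmark.

    ntpath is used so the computation is identical on every host and never
    touches the real filesystem.
    """
    install_dir = ntpath.normpath(install_dir)
    # normpath cannot climb above the drive root, so C:\Python313\..\.. becomes C:\
    ancestor = ntpath.normpath(ntpath.join(install_dir, WINDOWS_VPATH))
    low_install, low_anc = install_dir.lower(), ancestor.lower()
    inside = low_anc == low_install or low_anc.startswith(low_install.rstrip("\\") + "\\")
    drive, tail = ntpath.splitdrive(ancestor)
    return LandmarkProbe(
        install_dir=install_dir,
        ancestor=ancestor,
        setup_local=ntpath.join(ancestor, "Modules", "setup.local"),
        lib_dir=ntpath.join(ancestor, "Lib"),
        escapes_install=not inside,
        at_drive_root=bool(drive) and tail in ("\\", ""),
    )


def inventory(install_dirs, exists=os.path.exists):
    """Report, for each install, whether the planted-artifact paths exist.

    `exists` is injectable so the check can run against a constructed listing
    (see below) as well as the live filesystem on a Windows host.
    """
    findings = []
    for d in install_dirs:
        p = landmark_probe(d)
        findings.append({
            "install_dir": p.install_dir,
            "probe": p.setup_local,
            "landmark_present": exists(p.setup_local),
            "lib_present": exists(p.lib_dir),
            "ancestor_at_drive_root": p.at_drive_root,
        })
    return findings


if __name__ == "__main__":
    # Constructed listing standing in for a host's filesystem: the two planted
    # artifacts named in the advisory are present, nothing else.
    planted = {r"c:\modules\setup.local", r"c:\lib"}
    fake_exists = lambda path: path.lower() in planted
    for f in inventory([r"C:\Python313", r"C:\Program Files\Python\Python313"], fake_exists):
        flag = "PLANTED LANDMARK" if f["landmark_present"] else "clean"
        print(f'{f["install_dir"]}: probes {f["probe"]} -> {flag}')
```

Run on a Windows host with the default `exists`, passing the directories that actually hold python.exe, to get a live inventory. Note that the legacy root install and an install nested two levels under C:\Program Files both escape their install tree; the difference is only whether the ancestor is a drive root, which is what decides whether an unprivileged user can plant the landmark there.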
Root Cause
The root cause is an untrusted search path [CWE-427]. The VPATH-based landmark lookup was a compatibility fallback for the more specific .\pybuilddir.txt marker. Python trusts a path computed relative to the executable without validating that the parent directories share the install directory's permissions.
Attack Vector
Exploitation requires local access with permission to create folders at the root of the OS drive, a default condition on Windows. The attacker creates C:\Modules\setup.local and a C:\Lib\ directory containing malicious Python source. When a higher-privileged user runs Python from the legacy all-users install, the interpreter resolves the landmark, switches sys.path, and imports the attacker's modules under the elevated context. User interaction by the victim, such as running a Python script, is required to trigger the load.
No verified public exploit code is available. See the GitHub Issue Report and the Python Security Announcement for technical details.
Detection Methods for CVE-2026-12003
Indicators of Compromise
- Unexpected Modules\setup.local files located two directory levels above any Python installation, particularly at the root of the OS drive
- Presence of a Lib directory at the OS drive root or other locations matching <python-install>\..\..\Lib that was not created by an installer
- Python processes loading modules from non-standard paths visible in sys.path at runtime
Detection Strategies
- Audit file creation events on the root of system drives for Modules\ or Lib\ directory creation by non-administrative users
- Inspect running Python processes and dump sys.path to confirm modules resolve only to the expected install or per-user paths
- Hunt for image loads of .py or .pyc files from paths that resolve above the Python installation directory
Monitoring Recommendations
- Enable file system auditing on C:\ and other OS drive roots to log directory creation by standard users
- Forward Sysmon Event ID 11 (FileCreate) and Event ID 7 (ImageLoad) telemetry for Python interpreter processes to a SIEM for correlation
- Alert when python.exe or pythonw.exe loads modules from directories outside its installation tree
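As an added example for the detection strategies and monitoring recommendations above (not a vendor rule set and not CPython code), the block below implements two of the checks: a filter over Sysmon Event ID 11 (FileCreate) records that flags Modules\setup.local or a Lib\ tree being created directly under a drive root, and a sys.path check that lists entries outside the roots an interpreter is expected to use. The event field names follow Sysmon's schema (EventID, UtcTime, User, Image, TargetFilename); the records, users, hostname and the Windows sys.path listing are constructed for the example, as are all function names.

```python
"""Detection logic for the landmark-planting pattern described in this advisory.

Added example, not a vendor rule.  Sysmon records are represented as dicts
the way a SIEM would present them after parsing the event XML.
"""
import ntpath
import os
import re
import site
import sys

# Landmark file or module directory created directly under a drive root,
# e.g. C:\Modules\setup.local or C:\Lib\os.py.  Case-insensitive, as NTFS is.
DRIVE_ROOT_PLANT = re.compile(
    r"^[A-Za-z]:\\(?:Modules\\setup\.local|Lib(?:\\.*)?)$", re.IGNORECASE
)


def suspicious_file_creates(events):
    """Return FileCreate (Event ID 11) records whose TargetFilename has the planted shape."""
    hits = []
    for ev in events:
        if str(ev.get("EventID")) != "11":
            continue
        target = ev.get("TargetFilename", "")
        if DRIVE_ROOT_PLANT.match(target):
            hits.append({
                "time": ev.get("UtcTime"),
                "user": ev.get("User"),
                "image": ev.get("Image"),
                "target": target,
            })
    return hits


def unexpected_sys_path_entries(entries, allowed_roots, pathmod=os.path):
    """Entries of a sys.path listing that are not under any allowed root.

    pathmod lets the same logic run over a Windows listing collected on
    another host (pass ntpath) or over the live interpreter (default os.path).
    """
    roots = [pathmod.normcase(pathmod.normpath(r)) for r in allowed_roots if r]
    bad = []
    for e in entries:
        if not e:                       # '' means the current directory; report it
            bad.append(e)
            continue
        n = pathmod.normcase(pathmod.normpath(e))
        if not any(n == r or n.startswith(r.rstrip(pathmod.sep) + pathmod.sep) for r in roots):
            bad.append(e)
    return bad


def check_windows_listing(listing, install_dir):
    """Apply the sys.path check to a Windows listing using Windows path rules."""
    return unexpected_sys_path_entries(listing, [install_dir], ntpath)


def self_check():
    """Apply the sys.path check to the running interpreter."""
    allowed = [sys.prefix, sys.base_prefix, site.getusersitepackages()]
    return unexpected_sys_path_entries(sys.path, allowed)


SAMPLE_EVENTS = [  # constructed Sysmon records
    {"EventID": 11, "UtcTime": "2026-06-16 09:14:02.117", "User": "WS01\\lowpriv",
     "Image": "C:\\Windows\\explorer.exe", "TargetFilename": "C:\\Modules\\setup.local"},
    {"EventID": 11, "UtcTime": "2026-06-16 09:14:05.402", "User": "WS01\\lowpriv",
     "Image": "C:\\Windows\\explorer.exe", "TargetFilename": "C:\\Lib\\os.py"},
    {"EventID": 11, "UtcTime": "2026-06-16 09:20:11.008", "User": "NT AUTHORITY\\SYSTEM",
     "Image": "C:\\Python313\\python.exe",
     "TargetFilename": "C:\\Python313\\Lib\\__pycache__\\os.cpython-313.pyc"},
    {"EventID": 1, "UtcTime": "2026-06-16 09:21:00.000", "User": "WS01\\admin",
     "Image": "C:\\Python313\\python.exe"},
]

# Constructed: a listing as a process that honoured the planted landmark might report it
WINDOWS_SAMPLE_LISTING = [
    "C:\\Python313\\python313.zip", "C:\\Lib", "C:\\Python313\\DLLs", "C:\\Python313",
]

if __name__ == "__main__":
    for h in suspicious_file_creates(SAMPLE_EVENTS):
        print(f'{h["time"]} {h["user"]} created {h["target"]} via {h["image"]}')
    print("outside install:", check_windows_listing(WINDOWS_SAMPLE_LISTING, "C:\\Python313"))
    print("this interpreter:", self_check())
```

The FileCreate filter is deliberately narrow (drive-root Modules\setup.local and Lib\) so it can page on every hit; the user and image fields in each hit give the analyst the creator to follow up. `self_check()` will also report PYTHONPATH entries and the script directory, which is intended: anything outside the install prefix deserves a look on a host where a privileged process runs Python.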
How to Mitigate CVE-2026-12003
Immediate Actions Required
- Uninstall Python installations placed by the legacy EXE installer at the default all-users location on the OS drive root
- Migrate to the new Python install manager and install per-user, where other users cannot modify the install or its parent directories
- Inventory hosts for existing C:\Modules\setup.local or C:\Lib\ artifacts and remove any not created by a trusted installer
Patch Information
The Python project has issued updated legacy installers for the 3.13 and 3.14 branches. Earlier branches receive source-only fixes. Future Python releases will remove the VPATH fallback entirely, requiring builds to generate or preserve pybuilddir.txt, which has shipped on Windows since 3.11. Refer to the GitHub Pull Request and the Openwall OSS Security Post for fix details.
Workarounds
- Pre-create a Modules directory two levels above the Python installation and restrict its ACL so only administrators can write to it
- Relocate the Python install to a path where the directory two levels above inherits restrictive permissions, such as C:\Program Files\ subpaths protected by default ACLs
- Switch to per-user installs, which cannot be modified by other unprivileged users and remove the escalation surface entirely
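The block below is an added example implementing the first workaround above (pre-creating and locking down the Modules directory, and its sibling Lib, two levels above the install). It is not a tool from the Python project. It assumes, as the advisory states, that the probe resolves two levels above the directory holding python.exe, and that icacls.exe is present, which it is on supported Windows releases. Groups are referenced by well-known SID so the plan is locale-independent; `hardening_plan` only builds the commands and runs anywhere, while `apply` executes them on Windows and refuses to touch a pre-existing non-empty directory, since that is exactly the artifact the inventory step above should investigate first. Function names are assumptions of this example.

```python
"""Reserve and lock down the directories the landmark probe resolves under.

Added example for this advisory, not Python project code.  Assumes the probe
resolves two levels above the directory containing python.exe.
"""
import ntpath
import os
import subprocess
import sys

ADMINISTRATORS_SID = "*S-1-5-32-544"   # BUILTIN\Administrators
SYSTEM_SID = "*S-1-5-18"               # NT AUTHORITY\SYSTEM
USERS_SID = "*S-1-5-32-545"            # BUILTIN\Users


def hardening_plan(install_dir):
    """Return (directory, icacls argv) pairs that neutralise the landmark for install_dir.

    Both Modules (which would hold setup.local) and Lib are reserved: the
    landmark is what triggers the layout switch, Lib is what would be imported.
    """
    ancestor = ntpath.normpath(ntpath.join(ntpath.normpath(install_dir), r"..\.."))
    plan = []
    for name in ("Modules", "Lib"):
        target = ntpath.join(ancestor, name)
        argv = [
            "icacls", target,
            "/inheritance:r",              # drop inherited ACEs, e.g. the drive root's "Users: create folders"
            "/grant:r",                    # replace explicit grants with exactly these
            f"{ADMINISTRATORS_SID}:(OI)(CI)F",
            f"{SYSTEM_SID}:(OI)(CI)F",
            f"{USERS_SID}:(OI)(CI)RX",     # read-only, so non-admins cannot populate it
        ]
        plan.append((target, argv))
    return plan


def apply(install_dir, run=subprocess.run):
    """Create the reserved directories and apply the ACLs.  Windows only."""
    if os.name != "nt":
        raise RuntimeError("icacls hardening only applies on Windows")
    results = []
    for target, argv in hardening_plan(install_dir):
        if os.path.isdir(target) and os.listdir(target):
            # Someone already populated it: leave it for the inventory/IR step.
            results.append((target, "SKIPPED: pre-existing non-empty directory, investigate"))
            continue
        os.makedirs(target, exist_ok=True)
        proc = run(argv, capture_output=True, text=True)
        results.append((target, "ok" if proc.returncode == 0 else proc.stderr.strip()))
    return results


if __name__ == "__main__":
    # On Windows, harden the running interpreter's install; elsewhere just print a sample plan.
    install = os.path.dirname(sys.executable) if os.name == "nt" else r"C:\Python313"
    for target, argv in hardening_plan(install):
        print("mkdir", target)
        print(subprocess.list2cmdline(argv))
    if "--apply" in sys.argv:
        for target, status in apply(install):
            print(target, status)
```

Run without `--apply` from an elevated prompt to review the commands, then with `--apply` to execute them. For a per-user install the ancestor is already under the user's profile, so the plan reserves directories the user owns anyway; for an install nested under C:\Program Files the ancestor inherits that tree's restrictive ACL, and the plan simply makes that explicit.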
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

