CVE-2026-2297 Overview
CPython's loader for legacy *.pyc files (SourcelessFileLoader) is not covered by the io.open_code() path in its FileLoader base class, so .pyc files are read without io.open_code(). As a result, the open_code audit event is never raised for these reads and sys.audit hooks listening for it do not fire, which allows potential security monitoring bypass when compiled Python bytecode files are loaded.
Critical Impact
Security audit mechanisms can be bypassed when loading .pyc files, potentially allowing malicious bytecode execution without triggering security monitoring systems.
Affected Products
- CPython (multiple versions)
- Python applications relying on sys.audit for security monitoring
- Security tools that depend on io.open_code() audit events
Discovery Timeline
- 2026-03-04 - CVE CVE-2026-2297 published to NVD
- 2026-03-05 - Last updated in NVD database
Technical Details for CVE-2026-2297
Vulnerability Analysis
This vulnerability stems from an incomplete implementation in CPython's import machinery. The FileLoader base class contains a get_data() method that is responsible for reading file contents. This method was designed to use io.open_code() for certain loader types to ensure that security audit hooks are properly triggered when code files are accessed.
The issue lies in the conditional check within get_data() that determines whether to use io.open_code(). The original implementation only checked for SourceLoader and ExtensionFileLoader instances, but critically omitted SourcelessFileLoader from this check. When SourcelessFileLoader loads a .pyc file, it falls through to a standard file read operation that does not trigger the open_code audit event.
This allows an attacker who can place a malicious .pyc file on the system to have that bytecode loaded and executed without triggering sys.audit handlers that organizations may rely upon for security monitoring and intrusion detection.
Root Cause
The root cause is an incomplete type check in the FileLoader.get_data() method within Lib/importlib/_bootstrap_external.py. The isinstance() check that determines whether to use io.open_code() did not include SourcelessFileLoader in its tuple of loader types, causing .pyc file reads to bypass the secure file opening mechanism.
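The get_data() gap described above can be checked directly from Python. The following is an added example, not code from CPython or from this advisory: it installs a sys.addaudithook hook, builds a throwaway sourceless .pyc module (names and contents are constructed), imports it through the normal import path and reports whether an open_code event was raised for the .pyc. Run it under the interpreter you want to assess.

```python
import importlib
import os
import py_compile
import shutil
import sys
import tempfile
import uuid

# (event, first argument) of every "open_code"/"import" audit event seen. Audit
# hooks cannot be removed, so this one is installed once for the whole process.
_seen = []

def _audit_hook(event, args):
    if event in ("open_code", "import"):
        _seen.append((event, args[0] if args else None))

sys.addaudithook(_audit_hook)

def probe_sourceless_pyc_audit():
    """Import a constructed sourceless .pyc and report which audit events fired
    for it. "open_code_event" is True on a fixed interpreter; before the fix,
    SourcelessFileLoader.get_data() used plain FileIO and it stays False."""
    name = "cve_2026_2297_probe_" + uuid.uuid4().hex   # constructed module name
    tmpdir = tempfile.mkdtemp()
    sys.path.insert(0, tmpdir)
    try:
        src = os.path.join(tmpdir, name + ".py")
        pyc = os.path.join(tmpdir, name + ".pyc")  # legacy .pyc next to the module, not in __pycache__
        with open(src, "w") as fh:
            fh.write("MARKER = 'bytecode executed'\n")
        # Compile with the running interpreter so the magic number matches, then
        # delete the source so FileFinder must hand the .pyc to SourcelessFileLoader.
        py_compile.compile(src, cfile=pyc, doraise=True)
        os.remove(src)
        importlib.invalidate_caches()
        start = len(_seen)
        module = __import__(name)  # C import path, which always raises the "import" event
        events = _seen[start:]
        opened = {os.path.normcase(os.path.abspath(str(a))) for e, a in events if e == "open_code"}
        return {
            "marker": module.MARKER,
            "import_event": any(e == "import" and a == name for e, a in events),
            "open_code_event": os.path.normcase(os.path.abspath(pyc)) in opened,
        }
    finally:
        sys.modules.pop(name, None)
        sys.path.remove(tmpdir)
        shutil.rmtree(tmpdir, ignore_errors=True)
```

A result with "marker" set but "open_code_event" False means the bytecode executed and no open_code event reached the hook, which is the behaviour this CVE describes.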
Attack Vector
An attacker with local access to the system could exploit this vulnerability by placing a malicious .pyc file in a location where it would be imported by a Python application. Since the audit event does not fire for SourcelessFileLoader, security monitoring tools relying on sys.audit hooks would not detect the loading of the malicious bytecode, allowing the attacker to evade detection.
# Security patch from CPython repository
# Source: https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e
def get_data(self, path):
"""Return the data from path as raw bytes."""
- if isinstance(self, (SourceLoader, ExtensionFileLoader)):
+ if isinstance(self, (SourceLoader, SourcelessFileLoader, ExtensionFileLoader)):
with _io.open_code(str(path)) as file:
return file.read()
else:
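Review bot: the fix keeps relying on an isinstance() allow-list, so any FileLoader subclass not named in the tuple still falls through to the `else:` branch that reads without _io.open_code() and raises no open_code audit event; the excerpt stops at `else:`, so that fallback branch is not visible here. Suggest pairing the one-line change with a regression test that installs a sys.addaudithook hook, imports a module served only by a .pyc file, and asserts that an open_code event carrying the .pyc path was raised, so the next loader added to the hierarchy cannot silently regress the same way.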
Detection Methods for CVE-2026-2297
Indicators of Compromise
- Unexpected .pyc files appearing in Python import paths
- Python applications loading bytecode without corresponding open_code audit events
- Gaps in sys.audit logs where .pyc file loads are not recorded
- Suspicious compiled Python bytecode files in writable directories
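Only a legacy .pyc that sits directly on an import path (or in a package directory) without a sibling .py is handed to SourcelessFileLoader, so the first and last indicators above can be hunted for with a path scan. The following is an added example, not tooling from the advisory; find_sourceless_pyc() is a name chosen here, and the tree built by demo_constructed_tree() is constructed sample data.

```python
import os
import shutil
import stat
import sys
import tempfile

def find_sourceless_pyc(search_paths):
    """Return (path, dir_is_world_writable) for every legacy .pyc that sits
    directly on an import path entry or one of its subdirectories without a
    sibling .py. Those are the files SourcelessFileLoader handles; a .pyc in
    __pycache__ is only used while its .py exists, via SourceFileLoader."""
    findings = []
    for base in search_paths:
        if not os.path.isdir(base):
            continue  # zip archives, '' and missing entries are not scanned
        for dirpath, dirnames, filenames in os.walk(base):
            dirnames[:] = [d for d in dirnames if d != "__pycache__"]
            for fn in filenames:
                if fn.endswith(".pyc") and fn[:-4] + ".py" not in filenames:
                    writable = bool(os.stat(dirpath).st_mode & stat.S_IWOTH)
                    findings.append((os.path.join(dirpath, fn), writable))
    return findings

def demo_constructed_tree():
    """Scan a throwaway tree (constructed sample data, not a real install) and
    return the flagged paths relative to its root, with '/' separators."""
    root = tempfile.mkdtemp()
    try:
        os.makedirs(os.path.join(root, "pkg", "__pycache__"))
        for rel in ("good.py", "good.pyc", "orphan.pyc", "pkg/dropped.pyc",
                    "pkg/__pycache__/mod.cpython-311.pyc"):
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(b"")  # contents do not matter for this scan
        return sorted(os.path.relpath(p, root).replace(os.sep, "/")
                      for p, _ in find_sourceless_pyc([root]))
    finally:
        shutil.rmtree(root, ignore_errors=True)

if __name__ == "__main__":
    for path, writable in find_sourceless_pyc(sys.path):
        print(("[world-writable dir] " if writable else "") + path)
```

Run as a script it scans the live sys.path of the interpreter it is started with; a hit in a world-writable directory is the combination of indicators the list above calls out.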
Detection Strategies
- Monitor for .pyc file creation or modification in Python library paths
- Implement file integrity monitoring for Python installation directories
- Compare sys.audit logs against actual file system activity to identify gaps
- Deploy endpoint detection that monitors Python process file access patterns independently of sys.audit
Monitoring Recommendations
- Enable comprehensive file access logging at the operating system level to supplement Python's audit system
- Implement hash-based verification of .pyc files before execution
- Use SentinelOne's behavioral AI to detect anomalous Python bytecode loading patterns
- Monitor for Python processes accessing .pyc files from unexpected locations
How to Mitigate CVE-2026-2297
Immediate Actions Required
- Update CPython to a patched version that includes the fix for this vulnerability
- Review existing .pyc files in your environment for unexpected or suspicious content
- Restrict write access to directories in Python's import path
- Consider removing .pyc files and relying solely on source files where feasible
Patch Information
The Python Software Foundation has released patches addressing this vulnerability. The fix modifies the get_data() method in Lib/importlib/_bootstrap_external.py to include SourcelessFileLoader in the isinstance() check, ensuring that .pyc file reads properly use io.open_code() and trigger the appropriate audit events.
Patch commits are available for multiple Python versions:
For more details, see the GitHub Issue Report and GitHub Pull Request.
Workarounds
- Implement operating system-level file access auditing to detect .pyc file loads independently
- Use mandatory access control (SELinux/AppArmor) to restrict which .pyc files Python can load
- Remove all .pyc files and configure Python with PYTHONDONTWRITEBYTECODE=1 to prevent bytecode caching
- Deploy additional security monitoring that does not rely solely on Python's sys.audit mechanism
# Configuration example - Prevent bytecode file creation and remove existing .pyc files
# PYTHONDONTWRITEBYTECODE only stops the interpreter from writing new .pyc files; it does
# not stop it from loading ones that already exist, hence the deletions below. Set the
# variable in the environment of every Python service, not just this shell session.
export PYTHONDONTWRITEBYTECODE=1
find /path/to/python/libs -name "*.pyc" -delete
# -prune stops find from descending into a __pycache__ directory it is about to remove
find /path/to/python/libs -type d -name "__pycache__" -prune -exec rm -rf {} +
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

