wheel archives
About this tag
The wheel archives tag on WindowsForum.com covers discussions about Python wheel package files, with a focus on security vulnerabilities in pip's wheel extraction logic. A notable topic is CVE-2026-1703, a path traversal bug in pip that allows specially crafted wheel archives to place files outside the intended installation directory during pip install. This highlights archive unpacking as a recurring attack surface for supply-chain and installer attacks. The tag is relevant for developers, system administrators, and security professionals working with Python packaging and looking to understand or mitigate risks associated with wheel archives.
A subtle bug in pip’s wheel extraction logic has produced CVE‑2026‑1703 — a limited path‑traversal flaw that can allow specially crafted wheel (zip) archives to place files outside the intended installation directory during a normal pip install. The defect is narrowly scoped — the traversal is...