pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of service or possibly gain privileges.
/tmp/pytest-of-{user}
"https://github.com/pypa/advisory-database/blob/main/vulns/pytest/PYSEC-2026-1845.yaml"