An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and the context.py components
"https://github.com/pypa/advisory-database/blob/main/vulns/signify/PYSEC-2026-2278.yaml"