PYSEC-2026-552
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/tkeasygui/PYSEC-2026-552.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2026-552
- Aliases
- Published
- 2026-06-29T11:50:37.683122Z
- Modified
- 2026-06-29T12:15:45.730928577Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- TkEasyGUI Vulnerable to OS Command Injection
- Details
-
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote unauthenticated attacker if the settings are configured to construct messages from external sources.
- References
Affected packages
PyPI / tkeasygui
Package
- Name
- tkeasygui
- View open source insights on deps.dev
- Purl
- pkg:pypi/tkeasygui
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.22
Affected versions
0.*
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.6
0.2.1
0.2.2
0.2.3
0.2.4
0.2.16
0.2.19
0.2.20
0.2.24
0.2.27
0.2.28
0.2.29
0.2.30
0.2.31
0.2.35
0.2.38
0.2.43
0.2.44
0.2.45
0.2.46
0.2.47
0.2.48
0.2.49
0.2.55
0.2.57
0.2.63
0.2.67
0.2.68
0.2.69
0.2.71
0.2.72
0.2.73
0.2.74
0.2.75
0.2.76
0.2.77
1.*
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.16
1.0.17
1.0.18
1.0.20
1.0.21