Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes.
"https://github.com/pypa/advisory-database/blob/main/vulns/py2play/PYSEC-2026-742.yaml"