tag.py in eyeD3 (aka python-eyed3) 0.7.5 and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.
"https://github.com/pypa/advisory-database/blob/main/vulns/eyed3/PYSEC-2026-807.yaml"