Root has patched CVE-2026-49476 in the rootio-soupsieve package for Root:PyPI. Multiple fixed versions available.
{ "distro": "pypi", "severity": "HIGH", "source": "Root", "distro_version": "" }
"root.io.1"
2.0
"2.8.3"
[ "2.8.3+root.io.1", "2.8.1+root.io.1" ]
true
"https://api.root.io/external/osv/ROOT-APP-PYPI-CVE-2026-49476.json"