Root has patched CVE-2026-6357 in the rootio-pip package for Root:PyPI. Multiple fixed versions available.
{
"distro": "pypi",
"source": "Root",
"distro_version": "",
"severity": "MEDIUM"
}[
"26.0.1+root.io.2",
"24.0+root.io.3",
"23.1.2+root.io.2",
"23.0.1+root.io.4",
"25.2+root.io.2",
"23.1.2+root.io.3",
"22.3.1+root.io.2",
"25.2+root.io.3",
"26.0.1+root.io.3",
"25.2+root.io.4",
"22.3.1+root.io.3",
"23.1.2+root.io.4",
"23.0.1+root.io.5",
"24.0+root.io.4",
"25.0.1+root.io.4",
"23.2.1+root.io.4",
"22.3.1+root.io.4"
]
"root.io.4"
17.0
"https://api.root.io/external/osv/ROOT-APP-PYPI-CVE-2026-6357.json"
true
"22.3.1"
[
"26.0.1+aikido.3",
"25.2+aikido.4",
"22.3.1+aikido.3",
"23.1.2+aikido.4",
"23.0.1+aikido.5",
"24.0+aikido.4",
"25.0.1+aikido.4",
"23.2.1+aikido.4",
"22.3.1+aikido.4"
]
9.0
""
"https://api.root.io/external/osv/ROOT-APP-PYPI-CVE-2026-6357.json"
"22.3.1+aikido.4"
true