Skip to content

CVE-2026-8643 (MEDIUM): detected in Lambda Docker Images. #595

Description

@the-lambda-watchdog

CVE Details

CVE ID Severity Affected Package Installed Version Fixed Version Date Published Date of Scan
CVE-2026-8643 MEDIUM pip 25.0.1 26.1.2 2026-06-01T17:17:35.77Z 2026-07-09T10:18:32.887540943Z

Affected Docker Images

Image Name SHA
public.ecr.aws/lambda/python:3.12 public.ecr.aws/lambda/python@sha256:1469ffd8f9dddd69729abc4ae0d786e6393775aa1ad5f716eacc26d0ff4031c4
public.ecr.aws/lambda/python:3.11 public.ecr.aws/lambda/python@sha256:2498fc1e13c37cd371afaa8b9dac01ae33f888442f5445b8449cd2484f4505a1
public.ecr.aws/lambda/python:3.10 public.ecr.aws/lambda/python@sha256:86975d6eb11fa0733ad87cce106af309f64949af210d2e1e03dd41fcfd3178f3

Description

pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory.


Remediation Steps

  • Update the affected package pip from version 25.0.1 to 26.1.2.

About this issue

  • This issue may not contain all the information about the CVE nor the images it affects.
  • This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
  • For more, visit Lambda Watchdog.
  • This issue was created automatically by Lambda Watchdog.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions