Updated python-pydantic-settings packages fix a security vulnerability
Publication date: 18 Jul 2026Modification date: 18 Jul 2026
Type: security
Affected Mageia releases : 10
CVE: CVE-2026-58203
Description
The updated packages fix a security vulnerability:
NestedSecretsSettingsSource follows symlinks outside secrets_dir,
enabling local file read and bypassing secrets_dir_max_size.
(CVE-2026-58203)
References
- https://bugs.mageia.org/show_bug.cgi?id=35774
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RIQBQN77WGZ57LE5TTARNBPREPF3JLEX/
- https://github.com/pydantic/pydantic-settings/security/advisories/GHSA-4xgf-cpjx-pc3j
- https://www.cve.org/CVERecord?id=CVE-2026-58203
SRPMS
10/core
- python-pydantic-settings-2.14.2-1.mga10