1. Python-dotenv Security Flaw: CVE-2026-28684 Allows Arbitrary File Overwrite via Symbolic Links
A critical security vulnerability in the widely used python-dotenv library exposes systems to arbitrary file overwrite attacks. The flaw, tracked as CVE-2026-28684 (GHSA-mf9w-mj56-hr94), resides in the `set_key()` and `unset_key()` functions. These functions follow symbolic links when rewriting `.env` files, creating a...
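A defensive pre-flight check for the symlink-following behaviour described above, as an added example that is not python-dotenv's code or its fix. The names `check_env_target`, `UnsafeEnvPath` and the directory layout in `demo()` are hypothetical and constructed for illustration.

```python
import os
import stat
import tempfile


class UnsafeEnvPath(Exception):
    """The path should not be handed to a call that rewrites the file."""


def check_env_target(path, trusted_dir):
    """Return path if it is a regular, non-symlink file inside trusted_dir."""
    # Pre-flight check only: a race remains between this check and the write.
    try:
        st = os.lstat(path)  # lstat inspects the link itself, not its target
    except FileNotFoundError:
        st = None  # a new file would be created; still check where it lands
    # For a symlink, lstat reports S_IFLNK, so S_ISREG is False and it is refused.
    if st is not None and not stat.S_ISREG(st.st_mode):
        raise UnsafeEnvPath(f"{path} is a symlink or not a regular file")
    # A symlinked parent directory redirects the write as well, so resolve
    # the whole path and require it to stay under the trusted directory.
    real, root = os.path.realpath(path), os.path.realpath(trusted_dir)
    if os.path.commonpath([real, root]) != root:
        raise UnsafeEnvPath(f"{path} resolves outside {trusted_dir}")
    return path


def demo():
    """Run the check over a constructed layout in a temporary directory."""
    outcome = {}
    with tempfile.TemporaryDirectory() as tmp:
        app, other = os.path.join(tmp, "app"), os.path.join(tmp, "other")
        os.mkdir(app)
        os.mkdir(other)
        victim = os.path.join(other, "victim.conf")
        for name in (os.path.join(app, ".env"), victim):
            with open(name, "w") as fh:
                fh.write("KEY=value\n")
        os.symlink(victim, os.path.join(app, "linked.env"))  # file symlink
        os.symlink(other, os.path.join(app, "conf"))         # directory symlink
        cases = {"real": ".env", "symlink": "linked.env", "symlinked_dir": "conf/.env"}
        for label, rel in cases.items():
            try:
                check_env_target(os.path.join(app, rel), app)
                outcome[label] = "ok"
            except UnsafeEnvPath:
                outcome[label] = "rejected"
    return outcome
```

Call the check immediately before `set_key()` or `unset_key()` on any `.env` path that lives in a directory other users or processes can write to.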