1. CVE-2026-42301: pyp2spec RPM Macro Injection Flaw Exposes Fedora Packagers to Supply Chain Risk
A high-severity vulnerability tracked as CVE-2026-42301 has been disclosed in pyp2spec, a tool widely used to generate Fedora RPM spec files for Python projects. Rated 7.8 on the CVSS scale, the flaw could allow malicious PyPI package metadata to inject arbitrary RPM macro directives into generated spec files, potentia...