1. CVE-2026-22702: TOCTOU Race Condition in virtualenv Enables Symlink-Based Directory Attacks
A Time-of-Check-Time-of-Use (TOCTOU) vulnerability has been identified in the virtualenv package (versions up to and including 20.36.1), potentially allowing local attackers to perform symlink-based directory manipulation attacks. The flaw exists in how virtualenv handles directory creation operations, creating a race ...