Product
A vulnerability, CVE-2026-59890, affects the setuptools project, allowing a MANIFEST.in exclusion bypass during source distribution package creation due to Unicode normalization collisions (NFC/NFD) on macOS systems using APFS or HFS+ file systems.