{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/setuptools/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":6.1,"id":"CVE-2026-59890"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["setuptools"],"_cs_severities":["medium"],"_cs_tags":["setuptools","python","macos","vulnerability","supply-chain"],"_cs_type":"advisory","_cs_vendors":["Python Software Foundation"],"content_html":"\u003cp\u003eCVE-2026-59890 details a vulnerability in the \u003ccode\u003esetuptools\u003c/code\u003e Python package, specifically impacting macOS environments utilizing APFS or HFS+ file systems. This flaw allows for a bypass of the \u003ccode\u003eMANIFEST.in\u003c/code\u003e exclusion rules during the creation of source distribution (sdist) packages. The root cause lies in how \u003ccode\u003esetuptools\u003c/code\u003e handles file exclusions in the presence of Unicode normalization collisions (NFC/NFD), which can occur on certain macOS file systems. An attacker could craft file names that, while visually distinct or nominally different, normalize to the same sequence, tricking \u003ccode\u003esetuptools\u003c/code\u003e into either including sensitive files meant to be excluded or excluding legitimate files, potentially leading to supply chain integrity issues or unintended information disclosure within Python projects. This vulnerability highlights the complexities of file system interactions and Unicode handling in software packaging.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eA Python project maintainer uses \u003ccode\u003esetuptools\u003c/code\u003e to create a source distribution (sdist) package for their application on a macOS system formatted with APFS or HFS+.\u003c/li\u003e\n\u003cli\u003eThe maintainer defines exclusions in \u003ccode\u003eMANIFEST.in\u003c/code\u003e to prevent sensitive files (e.g., test data, build artifacts, configuration files) from being included in the sdist package.\u003c/li\u003e\n\u003cli\u003eAn attacker, aware of the vulnerability, might craft malicious files or manipulate existing file names within the project's source tree.\u003c/li\u003e\n\u003cli\u003eThe crafted filenames exploit Unicode normalization differences (NFC/NFD) such that, while they appear unique or different in their raw form, they normalize to the same representation on the macOS file system.\u003c/li\u003e\n\u003cli\u003eWhen \u003ccode\u003esetuptools\u003c/code\u003e processes the \u003ccode\u003eMANIFEST.in\u003c/code\u003e exclusions, the Unicode normalization collision leads it to incorrectly identify or misinterpret file paths.\u003c/li\u003e\n\u003cli\u003eThis misinterpretation results in \u003ccode\u003esetuptools\u003c/code\u003e failing to exclude intended sensitive files, or conversely, inadvertently including malicious files, into the final sdist package.\u003c/li\u003e\n\u003cli\u003eThe compromised sdist package is then distributed, containing files that should have been excluded (e.g., sensitive intellectual property, API keys) or potentially containing malicious payloads.\u003c/li\u003e\n\u003cli\u003eDownstream users who install the compromised sdist package unknowingly receive these unexcluded or malicious files, potentially leading to data breaches, system compromise, or supply chain attacks.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe primary impact of CVE-2026-59890 is the potential for information disclosure or supply chain integrity compromise in Python projects developed and distributed via \u003ccode\u003esetuptools\u003c/code\u003e on vulnerable macOS systems. Organizations using \u003ccode\u003esetuptools\u003c/code\u003e for packaging applications on macOS with APFS/HFS+ may inadvertently include sensitive project files (e.g., API keys, private certificates, internal documentation, test data) into publicly distributed sdist packages. Conversely, a sophisticated attacker could potentially inject malicious code into a project's sdist by exploiting these normalization collisions, leading to widespread compromise of users who install the affected package. While no specific victim counts are available, any Python project relying on \u003ccode\u003esetuptools\u003c/code\u003e for packaging on the affected macOS environments is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRefer to the official \u003ccode\u003esetuptools\u003c/code\u003e documentation or security advisories for patches addressing CVE-2026-59890 and apply them immediately to all development and build environments.\u003c/li\u003e\n\u003cli\u003eAdvise developers packaging Python applications on macOS (APFS/HFS+) to be aware of Unicode normalization issues, especially when defining \u003ccode\u003eMANIFEST.in\u003c/code\u003e exclusions.\u003c/li\u003e\n\u003cli\u003eReview existing \u003ccode\u003eMANIFEST.in\u003c/code\u003e configurations and the contents of generated sdist packages to ensure no unintended files are included, particularly if operating on affected macOS file systems.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-11T07:36:09Z","date_published":"2026-07-11T07:36:09Z","id":"https://feed.craftedsignal.io/briefs/2026-07-setuptools-unicode-bypass/","summary":"A vulnerability, CVE-2026-59890, affects the setuptools project, allowing a MANIFEST.in exclusion bypass during source distribution package creation due to Unicode normalization collisions (NFC/NFD) on macOS systems using APFS or HFS+ file systems.","title":"Setuptools Unicode Normalization Collision Bypass on macOS","url":"https://feed.craftedsignal.io/briefs/2026-07-setuptools-unicode-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed - Setuptools","version":"https://jsonfeed.org/version/1.1"}