<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Setuptools - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/setuptools/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Sat, 11 Jul 2026 07:36:09 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/setuptools/feed.xml" rel="self" type="application/rss+xml"/><item><title>Setuptools Unicode Normalization Collision Bypass on macOS</title><link>https://feed.craftedsignal.io/briefs/2026-07-setuptools-unicode-bypass/</link><pubDate>Sat, 11 Jul 2026 07:36:09 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-setuptools-unicode-bypass/</guid><description>A vulnerability, CVE-2026-59890, affects the setuptools project, allowing a MANIFEST.in exclusion bypass during source distribution package creation due to Unicode normalization collisions (NFC/NFD) on macOS systems using APFS or HFS+ file systems.</description><content:encoded><![CDATA[<p>CVE-2026-59890 details a vulnerability in the <code>setuptools</code> Python package, specifically impacting macOS environments utilizing APFS or HFS+ file systems. This flaw allows for a bypass of the <code>MANIFEST.in</code> exclusion rules during the creation of source distribution (sdist) packages. The root cause lies in how <code>setuptools</code> handles file exclusions in the presence of Unicode normalization collisions (NFC/NFD), which can occur on certain macOS file systems. An attacker could craft file names that, while visually distinct or nominally different, normalize to the same sequence, tricking <code>setuptools</code> into either including sensitive files meant to be excluded or excluding legitimate files, potentially leading to supply chain integrity issues or unintended information disclosure within Python projects. This vulnerability highlights the complexities of file system interactions and Unicode handling in software packaging.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>A Python project maintainer uses <code>setuptools</code> to create a source distribution (sdist) package for their application on a macOS system formatted with APFS or HFS+.</li>
<li>The maintainer defines exclusions in <code>MANIFEST.in</code> to prevent sensitive files (e.g., test data, build artifacts, configuration files) from being included in the sdist package.</li>
<li>An attacker, aware of the vulnerability, might craft malicious files or manipulate existing file names within the project's source tree.</li>
<li>The crafted filenames exploit Unicode normalization differences (NFC/NFD) such that, while they appear unique or different in their raw form, they normalize to the same representation on the macOS file system.</li>
<li>When <code>setuptools</code> processes the <code>MANIFEST.in</code> exclusions, the Unicode normalization collision leads it to incorrectly identify or misinterpret file paths.</li>
<li>This misinterpretation results in <code>setuptools</code> failing to exclude intended sensitive files, or conversely, inadvertently including malicious files, into the final sdist package.</li>
<li>The compromised sdist package is then distributed, containing files that should have been excluded (e.g., sensitive intellectual property, API keys) or potentially containing malicious payloads.</li>
<li>Downstream users who install the compromised sdist package unknowingly receive these unexcluded or malicious files, potentially leading to data breaches, system compromise, or supply chain attacks.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The primary impact of CVE-2026-59890 is the potential for information disclosure or supply chain integrity compromise in Python projects developed and distributed via <code>setuptools</code> on vulnerable macOS systems. Organizations using <code>setuptools</code> for packaging applications on macOS with APFS/HFS+ may inadvertently include sensitive project files (e.g., API keys, private certificates, internal documentation, test data) into publicly distributed sdist packages. Conversely, a sophisticated attacker could potentially inject malicious code into a project's sdist by exploiting these normalization collisions, leading to widespread compromise of users who install the affected package. While no specific victim counts are available, any Python project relying on <code>setuptools</code> for packaging on the affected macOS environments is at risk.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Refer to the official <code>setuptools</code> documentation or security advisories for patches addressing CVE-2026-59890 and apply them immediately to all development and build environments.</li>
<li>Advise developers packaging Python applications on macOS (APFS/HFS+) to be aware of Unicode normalization issues, especially when defining <code>MANIFEST.in</code> exclusions.</li>
<li>Review existing <code>MANIFEST.in</code> configurations and the contents of generated sdist packages to ensure no unintended files are included, particularly if operating on affected macOS file systems.</li>
</ul>
]]></content:encoded><category domain="severity">medium</category><category domain="type">advisory</category><category>setuptools</category><category>python</category><category>macos</category><category>vulnerability</category><category>supply-chain</category></item></channel></rss>