Product
A vulnerability, CVE-2026-9147, in the uproot library allows arbitrary Python code execution when processing crafted ROOT files due to improper handling of streamer metadata fields during dynamic code generation, impacting applications that open or process untrusted ROOT files.