A critical authentication bypass vulnerability was discovered in the python.org release management API, potentially allowing attackers to impersonate administrators and redirect users to malicious download URLs. The flaw, present since 2014, was responsibly disclosed on February 23, 2026, by Splitline Ng of the DEVCORE Research Team, and a fix was deployed to production the following day.
The vulnerability allowed an attacker to authenticate by supplying an administrator's username paired with an arbitrary API key; the key was never effectively checked for such accounts, so the request was granted full administrative privileges. The flaw had sat unnoticed in the python.org site's codebase for over a decade, a period spanning many Python releases.
If exploited, a threat actor could have modified Python release and file metadata, altering the download URLs presented on python.org/downloads, including the links to verification materials such as Sigstore bundles and PGP signatures and keys. Attackers could not modify the release binaries in place, but that is exactly why the verification links matter: an attacker who controls both the artifact URL and the URL of its signature can serve a tampered binary together with a matching "valid" signature, so a user who fetches both from the page would verify the attacker's file successfully. Tampering of that kind could have enabled large-scale supply chain attacks against Python users and downstream distributors worldwide.
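The bug class described above, as an added illustration that is not the python.org (pydotorg) code and does not reproduce the actual patch: an authentication routine whose key comparison is short-circuited for privileged accounts, beside a hardened version that verifies the credential before privilege is considered. The user table, key values and helper names are constructed for the example; the negative-case runner mirrors the kind of "authentication failure branch" coverage the write-up says was later added.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class User:
    username: str
    api_key: str
    is_admin: bool


# Constructed in-memory user table; not python.org's real data model.
USERS = {
    "release-admin": User("release-admin", secrets.token_hex(16), is_admin=True),
    "contributor": User("contributor", secrets.token_hex(16), is_admin=False),
}


def authenticate_vulnerable(username: str, api_key: str) -> Optional[User]:
    """Illustrative bug of the class described in the article (not the real
    pydotorg code): the key comparison is short-circuited for privileged
    accounts, so any api_key value is accepted once the username is an admin's."""
    user = USERS.get(username)
    if user is None:
        return None
    if user.is_admin or api_key == user.api_key:  # BUG: admins never reach the key check
        return user
    return None


def authenticate_fixed(username: str, api_key: str) -> Optional[User]:
    """Privilege is only consulted after the credential has been verified."""
    user = USERS.get(username)
    if user is None:
        return None
    # Constant-time comparison; a wrong, empty or foreign key fails for every account.
    if not hmac.compare_digest(api_key.encode(), user.api_key.encode()):
        return None
    return user


def negative_auth_cases(auth: Callable[[str, str], Optional[User]]) -> dict[str, bool]:
    """Exercise the failure branches a test suite should cover.
    Each value is True when the attempt was (correctly) rejected."""
    attempts = {
        "unknown user": ("nobody", USERS["release-admin"].api_key),
        "admin with wrong key": ("release-admin", "not-the-key"),
        "admin with empty key": ("release-admin", ""),
        "admin with another user's key": ("release-admin", USERS["contributor"].api_key),
        "non-admin with wrong key": ("contributor", "not-the-key"),
    }
    return {name: auth(u, k) is None for name, (u, k) in attempts.items()}


if __name__ == "__main__":
    for name, fn in (("vulnerable", authenticate_vulnerable), ("fixed", authenticate_fixed)):
        print(name, negative_auth_cases(fn))
```

Running the negative cases against the vulnerable routine shows the admin entries passing with any key while the non-admin entry is rejected, which is why a test suite that only covers the happy path and a non-privileged failure never notices this branch.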
Response and Mitigation
The Python Security Response Team (PSRT) reproduced the vulnerability on a local instance and immediately coordinated a fix. Security Developer-in-Residence Seth Larson, together with Hugo van Kemenade and Jacob Coffee, developed and deployed the patch to production within 24 hours. By February 24th, DEVCORE confirmed that the proof of concept no longer worked.
Post-incident forensics showed no evidence of exploitation. PSRT audited the logs and database backups, and re-verified all artifact signatures, both Sigstore and PGP, from Python 2.5 through 3.13, finding no anomalies. Python 3.14 and later releases, which no longer ship PGP materials per PEP 761, were verified via Sigstore alone.
Beyond patching the authentication logic, several additional security hardening steps were implemented:
- URL validation: The database and API now reject any URL not beginning with https://www.python.org/, blocking attacker-controlled redirects even if authentication is bypassed again.
- HTTPS enforcement: A custom field validator now requires HTTPS URLs for newer releases.
- Negative auth test cases: New test coverage added for all authentication failure branches.
- Extended log retention: Logging retention increased from 3 days to 30 days to support future audit work.
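The two URL checks in the list above, as an added example rather than the validators the python.org project actually deployed: an allowlist that only accepts URLs under the stated https://www.python.org/ prefix, and a separate field-level HTTPS rule that is mandatory for newer releases. Which database fields each rule is attached to, and that legacy http:// values on old releases are tolerated, are assumptions; the sample URLs are constructed to show the host-confusion and userinfo tricks the trailing slash in the prefix rules out.

```python
from urllib.parse import urlsplit

ALLOWED_PREFIX = "https://www.python.org/"  # the prefix the hardening requires


class URLValidationError(ValueError):
    pass


def validate_python_org_url(url: str) -> str:
    """Accept only URLs that begin with https://www.python.org/ ."""
    if not url.startswith(ALLOWED_PREFIX):
        raise URLValidationError(f"must begin with {ALLOWED_PREFIX}: {url!r}")
    # The trailing slash in the prefix already pins scheme and host: it rejects
    # "www.python.org.evil.example" and "www.python.org@evil.example". The parsed
    # components are re-checked so the guarantee survives if the prefix is ever
    # relaxed (for example to allow a port or a second allowed host).
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "www.python.org" or parts.username is not None:
        raise URLValidationError(f"scheme or host mismatch: {url!r}")
    return url


def validate_https_url(url: str, newer_release: bool) -> str:
    """Hypothetical field-level rule: newer releases must use https://;
    http:// on legacy releases is tolerated (assumption, see lead-in)."""
    if newer_release and urlsplit(url).scheme != "https":
        raise URLValidationError(f"newer releases require https: {url!r}")
    return url


def https_rule_accepts(url: str, newer_release: bool) -> bool:
    try:
        validate_https_url(url, newer_release)
        return True
    except URLValidationError:
        return False


def audit_urls(urls: list[str]) -> dict[str, bool]:
    """Map each candidate URL to whether the prefix/host rule accepts it."""
    results: dict[str, bool] = {}
    for url in urls:
        try:
            validate_python_org_url(url)
            results[url] = True
        except URLValidationError:
            results[url] = False
    return results


# Constructed inputs: one legitimate download URL and several attacker-shaped ones.
SAMPLE_URLS = [
    "https://www.python.org/ftp/python/3.13.0/Python-3.13.0.tgz",
    "http://www.python.org/ftp/python/3.13.0/Python-3.13.0.tgz",
    "https://www.python.org.evil.example/ftp/python/3.13.0/Python-3.13.0.tgz",
    "https://www.python.org@evil.example/ftp/python/3.13.0/Python-3.13.0.tgz",
    "https://evil.example/www.python.org/ftp/python/3.13.0/Python-3.13.0.tgz",
    "//www.python.org/ftp/python/3.13.0/Python-3.13.0.tgz",
]

if __name__ == "__main__":
    for url, accepted in audit_urls(SAMPLE_URLS).items():
        print("ACCEPT" if accepted else "REJECT", url)
```

Only the first sample survives the prefix rule. The point of the second layer of checks is defensive: a plain prefix comparison is correct today, but a future edit that loosens the prefix could reopen the host-confusion cases, and the parsed-component check fails closed in that event.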
A third-party audit by Trail of Bits, funded by OpenAI, was completed on June 1st and confirmed the absence of any additional authentication or authorization issues. LLM-assisted auditing tools applied in April also returned clean results.
Two lessons stand out. An authentication bug in a low-visibility administrative API went unnoticed for over a decade until an outside researcher looked at it, which is an argument for independent audits of the infrastructure around a project and not just of the project's code. And the follow-up work, negative test cases for every authentication failure branch, a URL allowlist that holds even if authentication fails again, longer log retention, and a third-party audit, is what turns a same-day fix into a durable control. The PSRT's rapid response and that hardening limited a flaw that could otherwise have undermined trust in python.org downloads.