CRITICAL 9.8

PYSEC-2026-557

Salesforce Uni2TS has a Code Injection vulnerability

Details

Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / uni2ts

Introduced in: 0 Fixed in: 2.0.0

Fix pip install --upgrade 'uni2ts>=2.0.0'

References

https://nvd.nist.gov/vuln/detail/CVE-2026-22584 [ADVISORY]
https://github.com/SalesforceAIResearch/uni2ts/pull/218 [WEB]
https://github.com/SalesforceAIResearch/uni2ts/commit/7f2d51dd729de018f0f22504f39a8475c6fed1c4 [WEB]
https://github.com/SalesforceAIResearch/uni2ts [PACKAGE]
https://github.com/SalesforceAIResearch/uni2ts/releases/tag/2.0.0 [WEB]
https://help.salesforce.com/s/articleView?id=005239354&type=1 [WEB]
https://pypi.org/project/uni2ts [PACKAGE]
https://github.com/advisories/GHSA-7x99-8x99-xc54 [ADVISORY]