VDB
KO

PYSEC-2026-742

Py2Play Unpickles Untrusted Objects

Details

Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / py2play
Introduced in: 0

No fixed version published yet for py2play (pip). Pin to a known-safe version or switch to an alternative.

References