setuptools (Python Packaging), Unicode Normalization Bypass, CVE-2026-59890 (Medium) -DC-Jul2026-932

Listen to this Post

How CVE-2026-59890 Works

setuptools is the standard Python package distribution tool used to build, distribute, and install Python packages. A core component of setuptools is the `FileList` class, which processes `MANIFEST.in` directives—such as exclude, global-exclude, recursive-exclude, and prune—to determine which files should be omitted from a source distribution (sdist) tarball. Prior to version 83.0.0, `FileList` applied these exclusion rules by performing compiled glob pattern matching directly against filenames as they exist on disk, without any Unicode normalization.
This seemingly minor implementation detail creates a serious bypass vulnerability on macOS systems using the APFS or HFS+ file systems. These file systems store filenames in a decomposed Unicode normalization form known as NFD (Normalization Form Decomposed). For example, the character “ü” (U+00FC) is stored as the two-character sequence “u” (U+0075) + “̈” (U+0308). In contrast, `MANIFEST.in` files are typically authored by developers in a composed form, NFC (Normalization Form Composed), where “ü” is stored as a single code point.
Because `FileList` did not normalize filenames before comparison, an exclusion pattern written in NFC (e.g., exclude .txt) would fail to match a file whose name was stored on disk in NFD. An attacker with local access to a project repository could create a file with a maliciously crafted NFD name—designed to visually appear identical to an excluded file—and have it inadvertently included in the published source distribution. The file would bypass the exclusion rule, be packed into the sdist, and ultimately be distributed to all downstream consumers of that package.
The vulnerability requires user interaction (the developer must build and publish the sdist) and local system access to create the malformed filename. However, its attack complexity is low, and the confidentiality impact is high because sensitive files—such as configuration files, private keys, or environment secrets—that were intended to be excluded could be leaked to the public. The issue was assigned CVE-2026-59890 and fixed in setuptools version 83.0.0, released on July 4, 2026, by making `FileList` matching insensitive to Unicode normalization form.

DailyCVE Form

Platform: …… macOS APFS/HFS+
Version: …….. < 83.0.0
Vulnerability :…… Unicode normalization bypass
Severity: ……. 6.1 (Medium)
date: ………. July 8, 2026

Prediction: …… July 15, 2026

What Undercode Say

Analytics:

  • Affected Component: `setuptools.command.egg_info.FileList`
    – Root Cause: Missing `unicodedata.normalize(‘NFC’, filename)` before glob matching
  • Exploitation Prerequisites: Local access, macOS filesystem, user interaction (sdist build)
  • Public Exploit: Proof-of-concept exists
  • CVSS Vector: `CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N`

Bash Commands & Code:

Check setuptools version
python3 -c "import setuptools; print(setuptools.<strong>version</strong>)"
Create a file with NFD-encoded name (macOS only)
"secret.txt" in NFC → stored as "secrét.txt" in NFD on APFS/HFS+
touch $'secre\u0301t.txt'
MANIFEST.in with NFC exclusion rule (fails to match NFD file)
echo "exclude secret.txt" > MANIFEST.in
Build sdist - the NFD file bypasses exclusion and is included
python3 setup.py sdist
Verify the leaked file in the tarball
tar -tzf dist/.tar.gz | grep secre
Python snippet demonstrating the normalization mismatch
import os
import unicodedata
Pattern authored in NFC (composed)
pattern = "secret.txt" NFC
Filename as stored on macOS APFS/HFS+ (decomposed NFD)
nfd_filename = unicodedata.normalize('NFD', "secret.txt")
Prior to 83.0.0: pattern != nfd_filename → bypass
After 83.0.0: both are normalized to NFC before comparison

Exploit

To exploit CVE-2026-59890, an attacker with local write access to a Python project repository creates a file whose name is visually identical to an excluded file but encoded in NFD. On macOS, this can be done using the `touch $’secre\u0301t.txt’` command or via Python’s unicodedata.normalize('NFD', filename). When the project maintainer builds a source distribution using setuptools < 83.0.0, the `FileList` class processes the `MANIFEST.in` exclusion rules using NFC patterns but compares them against the raw, unnormalized NFD filenames on disk. The comparison fails, the exclusion is silently ignored, and the sensitive file is packaged into the sdist tarball. Upon publishing to PyPI, the file becomes publicly downloadable by anyone who installs the package, leading to potential exposure of secrets, credentials, or proprietary configuration data.

Protection

  • Upgrade setuptools to version 83.0.0 or later immediately.
  • If upgrade is not possible, avoid using `MANIFEST.in` exclusions for non-ASCII filenames; instead, use `exclude` patterns that match the NFD form as well (e.g., exclude secret.txt).
  • Review existing source distributions for unintended inclusion of sensitive files.
  • Use `twine check` and inspect sdist contents before publishing.
  • Apply distribution-specific patches: Red Hat has issued RHSA-2026:37530; Ubuntu is evaluating the fix for its LTS releases.

Impact

  • Confidentiality: High – Sensitive files (secrets, keys, configs) can be leaked to all package consumers.
  • Integrity: Low – No direct code modification, but leakage enables further attacks.
  • Availability: None – Service disruption does not occur.
  • Scope: Unchanged – The vulnerability does not escalate privileges beyond the local filesystem context.
  • Affected Environments: Primarily macOS developers using APFS or HFS+. Linux and Windows systems are not affected due to different filesystem Unicode handling.
  • Supply Chain Risk: A compromised sdist can propagate sensitive data to thousands of downstream dependents, making this a significant supply chain integrity concern.

🎯Let’s Practice Exploiting & Learn Patching For Free:

🎓 Live Courses & Certifications:

Join Undercode Academy for Verified Certifications

🚀 Request a Custom Project:

Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top