CVE-2026-47781: PDM: Project-Controlled `.pdm-plugins` Content Executes Before CLI Parsing
PDM automatically loads project-local plugin paths from `.pdm-plugins` during `Core` initialization. Because this path is added via `site.addsitedir()`, attacker-controlled `.pth` files inside the project plugin directory are processed and can execute Python code before normal CLI handling begins.
This allows arbitrary code execution with the privileges of the user running `pdm` from an untrusted repository checkout.
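The executing behaviour comes from the `site` module itself: when `site.addsitedir()` processes a `.pth` file, any line beginning with `import ` (or `import` followed by a tab) is passed to `exec()`, while other lines are treated as paths. A defender can therefore check a fresh checkout for such lines before invoking `pdm` in it. The following is an added example, not PDM's or the advisory's own code; it assumes only the `.pdm-plugins` directory name from the advisory and inspects every `.pth` file beneath it, since the exact sub-layout PDM uses inside that directory is not stated. The sample checkout it builds is constructed for the demonstration.

```python
"""Pre-flight check for a repository checkout before running `pdm` in it.

Added example (not PDM's own code): walks the project's `.pdm-plugins`
directory, finds `.pth` files, and reports every line the Python `site`
module would exec() when the directory is passed to site.addsitedir().
The scanner only reads the files; it never executes anything.
"""
from __future__ import annotations

import tempfile
from dataclasses import dataclass
from pathlib import Path

# Project-local plugin directory named in the advisory.
PLUGIN_DIR = ".pdm-plugins"


@dataclass(frozen=True)
class Finding:
    path: Path    # .pth file containing the executable line
    lineno: int   # 1-based line number within that file
    line: str     # the offending line


def executable_pth_lines(pth_file: Path) -> list[Finding]:
    """Return the lines of one .pth file that site.addpackage() would exec().

    Mirrors CPython's rules: lines starting with '#' and blank lines are
    skipped; lines starting with "import " or "import\\t" are executed;
    everything else is treated as a path entry for sys.path.
    """
    findings: list[Finding] = []
    with pth_file.open("r", encoding="utf-8", errors="replace") as fh:
        for lineno, raw in enumerate(fh, start=1):
            line = raw.rstrip("\n")
            if line.startswith("#") or not line.strip():
                continue
            if line.startswith(("import ", "import\t")):
                findings.append(Finding(pth_file, lineno, line))
    return findings


def scan_checkout(checkout: Path) -> list[Finding]:
    """Scan <checkout>/.pdm-plugins recursively for executable .pth lines.

    Assumption: the sub-layout inside `.pdm-plugins` is not relied upon,
    so every `.pth` file anywhere under it is inspected.
    """
    plugin_root = checkout / PLUGIN_DIR
    if not plugin_root.is_dir():
        return []
    findings: list[Finding] = []
    for pth_file in sorted(plugin_root.rglob("*.pth")):
        if pth_file.is_file():
            findings.extend(executable_pth_lines(pth_file))
    return findings


def build_demo_checkout(base: Path) -> Path:
    """Create a constructed sample checkout: one benign and one suspicious
    .pth file. Demonstration input only, not a real project."""
    plugins = base / PLUGIN_DIR
    plugins.mkdir(parents=True)
    # Benign: comment and path entries only, which is what .pth files normally hold.
    (plugins / "paths.pth").write_text("# plugin search path\n./lib\n\n")
    # Suspicious: two import lines (space and tab variants) that site would exec().
    (plugins / "hook.pth").write_text(
        "./lib\n"
        "import sys; sys.stderr.write('ran from .pth\\n')\n"
        "#import os  (commented out, so skipped)\n"
        "import\tos\n"
    )
    return base


def demo() -> list[Finding]:
    """Build the sample checkout in a temp dir, scan it, and return findings."""
    with tempfile.TemporaryDirectory() as tmp:
        checkout = build_demo_checkout(Path(tmp) / "checkout")
        return scan_checkout(checkout)


if __name__ == "__main__":
    # Usage against a real checkout: scan_checkout(Path("/path/to/repo"))
    for f in demo():
        print(f"{f.path.name}:{f.lineno}: {f.line}")
```

Run it on a checkout before the first `pdm` invocation and refuse to proceed if it reports anything; a legitimate plugin path rarely needs an `import` line in a `.pth` file, so any hit in a repository you did not author deserves a look.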