
[CVE-2026-2297] SourcelessFileLoader does not use io.open_code() #145506

Status: Open
Assignee: @zooba
Labels: 3.10 (only security fixes), 3.11 (only security fixes), 3.12 (only security fixes), 3.13 (bugs and security fixes), 3.14 (bugs and security fixes), 3.15 (new features, bugs and security fixes), stdlib (Standard Library Python modules in the Lib/ directory), topic-importlib, type-security (A security issue)

Description

@zooba

The import hook in CPython that handles legacy `*.pyc` files (`SourcelessFileLoader`) is incorrectly handled in `FileLoader` (a base class) and so does not use `io.open_code()` to read the `.pyc` files. This means anyone who has hooked `io.open_code()` to do validation will be bypassed.

```python
class FileLoader:
    ...
    def get_data(self, path):
        """Return the data from path as raw bytes."""
        if isinstance(self, (SourceLoader, ExtensionFileLoader)):
            with _io.open_code(str(path)) as file:
                return file.read()
        else:
            # SourcelessFileLoader is not in the tuple above, so it falls
            # through to this branch and never goes through open_code()
            with _io.FileIO(path, 'r') as file:
                return file.read()
```

The `SourcelessFileLoader` subclass doesn't get caught by the `isinstance()` call, because it's neither of the classes listed. It should have `SourcelessFileLoader` added to the tuple.

This import hook is enabled by default, though the `SourceFileLoader` is higher priority, and it does correctly use `io.open_code()`.

Legacy `*.pyc` files may be used if a user has precompiled their sources and then removed the source code. Under default configuration, it will never be used.

I didn't find any GitHub results that were actual uses, though I expected they'd all be private forks anyway, so I think the impact is going to be very low. The fix is trivial, but this is also easily exploitable if it's the sole security measure - for any module that's going to be imported, put its `.pyc` earlier on the search path and that'll be picked first without verification.

(This has already been reviewed by the PSRT and assigned CVE-2026-2297. The issue is just to get the fix merged.)
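For anyone who relies on an `io.open_code()` hook and wants to know which files on a deployment are in scope for this issue, here is an added example (not code from the issue or from CPython). It inventories legacy `.pyc` files on a list of path entries, i.e. a `foo.pyc` sitting directly in a path entry with no `foo.py` beside it, and asks `PathFinder` which loader it would actually pick, which reproduces the two precedence points above: inside one directory `SourceFileLoader` wins, but an earlier path entry wins over a later one. The helper names (`find_sourceless_pyc`, `loader_for`, `demo`) and the constructed `greet` module are assumptions of this example.

```python
"""Inventory legacy (sourceless) .pyc files on an import path.

Added example, not from the CPython issue. Only a ``foo.pyc`` that sits
directly in a path entry with no ``foo.py`` beside it is handled by
SourcelessFileLoader; cached ``__pycache__/*.pyc`` files are only ever
used via SourceFileLoader, which already reads through io.open_code().
"""
import importlib.util
import os
import py_compile
import tempfile
from importlib.machinery import PathFinder


def find_sourceless_pyc(path_entries):
    """Return [(module_name, pyc_path)] for every .pyc that would be
    imported by SourcelessFileLoader from the given path entries."""
    found = []
    for entry in path_entries:
        if not os.path.isdir(entry):
            continue
        for name in sorted(os.listdir(entry)):
            if not name.endswith(".pyc"):
                continue
            modname = name[: -len(".pyc")]
            # FileFinder tries source before bytecode inside one directory,
            # so a sibling .py means SourceFileLoader (and open_code) is used.
            if os.path.exists(os.path.join(entry, modname + ".py")):
                continue
            found.append((modname, os.path.join(entry, name)))
    return found


def loader_for(modname, path_entries):
    """Name of the loader class PathFinder would choose for modname."""
    spec = PathFinder.find_spec(modname, path_entries)
    return None if spec is None else type(spec.loader).__name__


def demo():
    """Build a constructed two-entry layout in a temp dir and report
    what the import system would do with it."""
    root = tempfile.mkdtemp()
    first = os.path.join(root, "first")
    second = os.path.join(root, "second")
    os.makedirs(first)
    os.makedirs(second)

    # 'second' holds the real source; 'first' holds only a legacy .pyc
    # compiled from it (constructed input for this example).
    src = os.path.join(second, "greet.py")
    with open(src, "w", encoding="utf-8") as f:
        f.write("MESSAGE = 'hello'\n")
    py_compile.compile(src, cfile=os.path.join(first, "greet.pyc"), doraise=True)

    # Load the module the way the import system would when 'first' is
    # earlier on the path: the legacy .pyc runs without any source present.
    spec = PathFinder.find_spec("greet", [first, second])
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)

    return {
        "sourceless": find_sourceless_pyc([first, second]),
        "loader_first_then_second": loader_for("greet", [first, second]),
        "loader_second_then_first": loader_for("greet", [second, first]),
        "message": module.MESSAGE,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

`find_sourceless_pyc` deliberately ignores `__pycache__`, because those files are never imported on their own; the only candidates for `SourcelessFileLoader` are bare `.pyc` files whose source is absent from the same directory. Running the inventory over `sys.path` gives the list of modules that, on an unfixed interpreter, are read with `_io.FileIO` instead of `io.open_code()`.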
