Medium5.3Red Hat Linux Updated
NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size
CVE-2026-58203 Published Jul 6, 2026Updated by vendor Jul 6, 2026
Affected products & platforms
Red Hat LinuxUnclassified
Summary
NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-22.
Mitigation checklist
Recommended fix / mitigation
- To mitigate this issue, ensure that the `secrets_dir` used by `pydantic-settings` with `NestedSecretsSettingsSource` is exclusively controlled by the application, preventing any unauthorized modifications or symlink placements. Alternatively, disable the `secrets_nested_subdir=True` option if nested secret subdirectories are not essential for your application's functionality.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.