Is briefcase affected by CVE-2026-33430?

PyPI briefcase is affected in >=0.3.0 <0.3.26.

Is CVE-2026-33430 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.1%.

high

CVE-2026-33430

Q: Is CVE-2026-33430 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.1%.

PyPI · briefcase

Summary

Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and prior to version 0.3.26, if a developer uses Briefcase to produce an Windows MSI installer for a project, and that project is installed for All Users (i.e., per-machine scope), the

Severity: high
EPSS: 0.1% (p3)
Also known as: GHSA-r3r2-35v9-v238, PYSEC-2026-27
Published: 2026-03-26

References

https://github.com/beeware/briefcase/issues/2759
https://github.com/beeware/briefcase-windows-VisualStudio-template/pull/85
https://github.com/beeware/briefcase-windows-app-template/pull/86

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.