{"id":"PYSEC-2026-1968","summary":"TkEasyGUI Affected by Uncontrolled Search Path Element Issue","details":"Uncontrolled search path element issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, arbitrary code may be executed with the privilege of running the program.","aliases":["CVE-2025-55671","GHSA-ph2w-cx28-vhrq"],"modified":"2026-07-07T17:48:05.342233494Z","published":"2026-07-07T16:03:03.284369Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55671"},{"type":"PACKAGE","url":"https://github.com/kujirahand/tkeasygui-python"},{"type":"WEB","url":"https://github.com/kujirahand/tkeasygui-python/releases/tag/v1.0.22"},{"type":"WEB","url":"https://jvn.jp/en/jp/JVN48739895"},{"type":"PACKAGE","url":"https://pypi.org/project/tkeasygui"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-ph2w-cx28-vhrq"}],"affected":[{"package":{"name":"tkeasygui","ecosystem":"PyPI","purl":"pkg:pypi/tkeasygui"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.22"}]}],"versions":["0.1.0","0.1.1","0.1.2","0.1.3","0.1.4","0.1.6","0.2.1","0.2.16","0.2.19","0.2.2","0.2.20","0.2.24","0.2.27","0.2.28","0.2.29","0.2.3","0.2.30","0.2.31","0.2.35","0.2.38","0.2.4","0.2.43","0.2.44","0.2.45","0.2.46","0.2.47","0.2.48","0.2.49","0.2.55","0.2.57","0.2.63","0.2.67","0.2.68","0.2.69","0.2.71","0.2.72","0.2.73","0.2.74","0.2.75","0.2.76","0.2.77","1.0.10","1.0.11","1.0.12","1.0.13","1.0.14","1.0.16","1.0.17","1.0.18","1.0.2","1.0.20","1.0.21","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/tkeasygui/PYSEC-2026-1968.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}]}