Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

Fedora 44 python-dotenv 1.2.2 Security Advisory CVE-2026-28684

fedora
Calendar Grey May 21, 2026
Dist Fedora Esm H88
Arbitrary file overwrite issue fixed in python-dotenv 1.2.2 for Fedora 44. Update your system to ensure security compliance.
Update to 1.2.2, security fix for CVE-2026-28684.

Summary

Reads the key/value pairs from a .env file and can add them to environment

variables.

Update Information:

Update to 1.2.2, security fix for CVE-2026-28684.

Change Log

* Thu Apr 30 2026 Benjamin A. Beasley - 1.2.2-1 - Update to 1.2.2 (close RHBZ#2443673)

References


[ 1 ] Bug #2374518 - python-dotenv-1.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2374518 [ 2 ] Bug #2443673 - python-dotenv-1.2.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2443673 [ 3 ] Bug #2460549 - CVE-2026-28684 python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2460549

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-79e64d2daa' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: python-dotenv
Product: Fedora 44
Version: 1.2.2
Release: 1.fc44
Summary: Read key-value pairs from a .env file and set them as environment variables

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here