Python Supply-Chain Compromise

This is news:

A malicious supply chain compromise has been identified in the Python Package Index package litellm version 1.82.8. The published wheel contains a malicious .pth file (litellm_init.pth, 34,628 bytes) which is automatically executed by the Python interpreter on every startup, without requiring any explicit import of the litellm module.

There are a lot of really boring things we need to do to help secure all of these critical libraries: SBOMs, SLSA, SigStore. But we have to do them.

Tags: , ,

Posted on April 8, 2026 at 6:25 AM3 Comments

Comments

Python User April 8, 2026 9:29 AM

If you wanna screw somebody – just use python – I do it all the time. And mutual satisfaction is guaranteed every single time! After all – imagine penetration testing or the penetration without testing, sans python? Much better with python. Thing is, it’s free to boot.

Anselm April 8, 2026 12:19 PM

The problem here is with .pth files, which are used in Python to tell the Python interpreter about the location of various resources. These can, in principle, contain arbitrary Python code and are sourced by the Python interpreter whenever it starts up. Apparently a more declarative approach that functions without arbitrary Python is in the works, in order to counter such attacks in the future.

Leave a comment

Blog moderation policy

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.