Is CVE-2026-42208 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-42208 is not currently listed in the CISA KEV catalog.

Vulnerability intelligence

CVE-2026-42208

CVE-2026-42208: semantic-router pulled a compromised wheel via its AI dependency chain. A .pth file executed on Python startup — no import needed — exfiltrating AWS, GCP, Azure creds, SSH keys, and Kubernetes configs.

2026

What WebPulse reported · 1 analysis

A Python .pth File Ran Before Import. AI Routing Library semantic-router Shipped Compromised Credentials Harvester.

CVE-2026-42208: semantic-router pulled a compromised wheel via its AI dependency chain. A .pth file executed on Python startup — no import needed — exfiltrating

June 27, 2026

View CVE-2026-42208 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-9082 CVE-2026-8206 CVE-2026-48019 CVE-2026-35273 CVE-2026-11645 CVE-2026-8181 CVE-2026-47291 CVE-2026-45657