Update dependency python-dotenv to v1.2.2 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
python-dotenv	1.0.1 → 1.2.2

---

python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback

CVE-2026-28684 / GHSA-mf9w-mj56-hr94

More information

Details

Summary

set_key() and unset_key() in python-dotenv follow symbolic links when rewriting .env files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a cross-device rename fallback is triggered.

Details

The rewrite() context manager in dotenv/main.py is used by both set_key() and unset_key() to safely modify .env files. It works by writing to a temporary file (created in the system's default temp directory, typically /tmp) and then using shutil.move() to replace the original file.

When the .env path is a symbolic link and the temp directory resides on a different filesystem than the target (a common configuration on Linux systems using tmpfs for /tmp), the following sequence occurs:

1. shutil.move() first attempts os.rename(), which fails with an OSError because atomic renames cannot cross device boundaries.
2. On failure, shutil.move() falls back to shutil.copy2() followed by os.unlink().
3. shutil.copy2() calls shutil.copyfile() with follow_symlinks=True by default.
4. This causes the content to be written to the symlink target rather than replacing the symlink itself.

An attacker who has write access to the directory containing a .env file can pre-place a symlink pointing to any file that the application process has write access to. When the application (or a privileged process such as a deploy script, Docker entrypoint, or CI pipeline) calls set_key() or unset_key(), the symlink target is overwritten with the new .env content.

This vulnerability does not require a race condition and is fully deterministic once the preconditions are met.

Impact

The primary impacts are to integrity and availability:

• File overwrite / destruction (DoS): An attacker can cause an application or privileged process to corrupt or destroy configuration files, database configs, or other sensitive files it would not normally have access to modify.
• Integrity violation: The target file's original content is replaced with .env-formatted content controlled by the attacker.
• Potential privilege escalation: In scenarios where a privileged process (running as root or a service account) calls set_key(), the attacker can leverage this to write to files beyond their own access level.

The scope of impact depends on the application using python-dotenv and the privileges under which it runs.

Proof of Concept

The following script demonstrates the vulnerability. It requires /tmp and the user's home directory to reside on different devices (common on systemd-based Linux systems with tmpfs).

import os
import sys
import tempfile
from dotenv import set_key

##### Pre-condition: /tmp must be on a different device than the target directory.
tmp_dev = os.stat("/tmp").st_dev
home_dev = os.stat(os.path.expanduser("~")).st_dev
assert tmp_dev != home_dev, "Skipped: /tmp and ~ are on the same device (no cross-device move)"

with tempfile.TemporaryDirectory(dir=os.path.expanduser("~")) as workdir:
    # File an attacker wants to overwrite
    target = os.path.join(workdir, "victim_config.txt")
    with open(target, "w") as f:
        f.write("DB_PASSWORD=supersecret\n")

    # Attacker pre-places a symlink at the path the application will use as .env
    env_symlink = os.path.join(workdir, ".env")
    os.symlink(target, env_symlink)

    before = open(target).read()

    # Application writes a new key -- triggers the cross-device fallback
    set_key(env_symlink, "INJECTED", "attacker_value")

    after = open(target).read()

    print("Before:", repr(before))
    print("After: ", repr(after))
    print("Symlink target overwritten:", target)

Expected output:

Before: 'DB_PASSWORD=supersecret\n'
After:  "DB_PASSWORD=supersecret\nINJECTED='attacker_value'\n"
Symlink target overwritten: /home/user/tmp806nut2g/victim_config.txt

Remediation

The fix changes the rewrite() context manager in the following ways:

1. Symlinks are no longer followed by default. When the .env path is a symlink, rewrite() now resolves it to the real path before proceeding, or (by default) operates on the symlink entry itself rather than the target.
2. A follow_symlinks: bool = False parameter is added to set_key() and unset_key() for users who explicitly need the old behavior.
3. Temp files are written in the same directory as the target .env file (instead of the system temp directory), eliminating the cross-device rename condition entirely.
4. os.replace() is used instead of shutil.move(), providing atomic replacement without symlink-following fallback behavior.

Users are advised to upgrade to the patched version as soon as it is available on PyPI.

Timeline

Date	Event
2026-01-09	Initial report received from Giorgos Tsigourakos regarding a separate, unrelated issue also located in rewrite()
2026-01-10	Co-maintainer acknowledged report, requested clarification
2026-01-11	Initial report assessed as not exploitable and closed
2026-02-24	Reporter identified new, distinct cross-device symlink attack vector with deterministic exploitation
2026-02-26	Co-maintainer confirmed vulnerability and shared draft patch
2026-02-26	Reporter validated fix with monkeypatched PoC, proposed CVSS
2026-03-01	Patch merged to main
2026-03-01	Patched version released to PyPI
2026-04-20	Advisory published

Patches

Upgrade to v.1.2.2 or use the patch from https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311.patch

Severity

• CVSS Score: 6.6 / 10 (Medium)
• Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

References

• https://github.com/theskumar/python-dotenv/security/advisories/GHSA-mf9w-mj56-hr94
• https://nvd.nist.gov/vuln/detail/CVE-2026-28684
• https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311
• https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311.patch
• https://github.com/theskumar/python-dotenv/releases/tag/v1.2.2
• https://github.com/advisories/GHSA-mf9w-mj56-hr94

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

theskumar/python-dotenv (python-dotenv)

v1.2.2

Compare Source

Added

• Support for Python 3.14, including the free-threaded (3.14t) build. (#​588)

Changed

• The dotenv run command now forwards flags directly to the specified command by [@​bbc2] in [#​607]
• Improved documentation clarity regarding override behavior and the reference page.
• Updated PyPy support to version 3.11.
• Documentation for FIFO file support.
• Dropped Support for Python 3.9.

Fixed

• Improved set_key and unset_key behavior when interacting with symlinks by [@​bbc2] in [790c5c0]
• Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by [@​JYOuyang] in [#​590]

Breaking Changes

• dotenv.set_key and dotenv.unset_key used to follow symlinks in some
  situations. This is no longer the case. For that behavior to be restored in
  all cases, follow_symlinks=True should be used.

• In the CLI, set and unset used to follow symlinks in some situations. This
  is no longer the case.

• dotenv.set_key, dotenv.unset_key and the CLI commands set and unset
  used to reset the file mode of the modified .env file to 0o600 in some
  situations. This is no longer the case: The original mode of the file is now
  preserved. Is the file needed to be created or wasn't a regular file, mode
  0o600 is used.

v1.2.1

Compare Source

• Move more config to pyproject.toml, removed setup.cfg
• Add support for reading .env from FIFOs (Unix) by [@​sidharth-sudhir] in [#​586]

v1.2.0

Compare Source

• Upgrade build system to use PEP 517 & PEP 518 to use build and pyproject.toml by [@​EpicWink] in [#​583]
• Add support for Python 3.14 by [@​23f3001135] in [#​579]
• Add support for disabling of load_dotenv() using PYTHON_DOTENV_DISABLED env var. by [@​matthewfranglen] in [#​569]

v1.1.1

Compare Source

Fixed

• CLI: Ensure find_dotenv work reliably on python 3.13 by [@​theskumar] in [#​563]
• CLI: revert the use of execvpe on Windows by [@​wrongontheinternet] in [#​566]

v1.1.0

Compare Source

Added

• Add support for python 3.13
• Enhance dotenv run, switch to execvpe for better resource management and signal handling ([#​523]) by [@​eekstunt]

Fixed

• find_dotenv and load_dotenv now correctly looks up at the current directory when running in debugger or pdb ([#​553] by [@​randomseed42])

Misc

• Drop support for Python 3.8

---

Configuration

📅 Schedule: (in timezone UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[claude]

🔴 This PR only updates python/poetry.lock to pin python-dotenv 1.2.2, but leaves python/pyproject.toml with python-dotenv = "^1.0.0", which allows any version >=1.0.0,<2.0.0. If the lock file is ever regenerated (via poetry lock, poetry update, or CI), Poetry can legally resolve to 1.0.1–1.2.1, all of which contain CVE-2026-28684 (symlink-following arbitrary file overwrite). Update python/pyproject.toml to python-dotenv = ">=1.2.2" to permanently enforce the minimum safe version.

Extended reasoning...

What the bug is and how it manifests

This PR patches CVE-2026-28684 by updating python/poetry.lock to pin python-dotenv at 1.2.2. However, the semver constraint in python/pyproject.toml remains python-dotenv = "^1.0.0" (in [tool.poetry.group.dev.dependencies]). The caret constraint ^1.0.0 allows Poetry to resolve any version >=1.0.0,<2.0.0. The lock file is only a snapshot; it does not permanently enforce a minimum version floor.

The specific code path that triggers it

If any developer or CI system runs poetry lock, poetry update python-dotenv, or regenerates the lock file for any reason, Poetry will re-resolve the dependency graph using only the constraint in pyproject.toml. Since ^1.0.0 permits 1.0.1, 1.1.0, 1.2.0, and 1.2.1 — all of which are vulnerable — Poetry may legally install any of those versions, silently reverting the security fix.

Why existing code does not prevent it

The lock file python/poetry.lock records the exact version resolved at a point in time (1.2.2), but Poetry treats the lock file as a reproducibility aid, not a security policy. The authoritative source of truth for what versions are acceptable is pyproject.toml. Without a tightened lower bound there, the lock file pin provides only ephemeral protection that disappears the next time dependencies are refreshed.

Impact

Any regeneration of the lock file could silently introduce a vulnerable version of python-dotenv. This is especially dangerous in CI pipelines that run poetry update or poetry lock before tests, in developer onboarding flows, and in Dependabot/Renovate workflows that refresh other dependencies. A vulnerable version allows a local attacker to exploit set_key()/unset_key() to overwrite arbitrary files via a crafted symlink (CVSS 6.6, integrity/availability impact).

Comparison with other locations in the repo

The other two locations in the repository handle this correctly: chart_data_extractor/pyproject.toml already uses python-dotenv = "^1.2.1" and template/requirements-dev.txt pins to python-dotenv==1.2.2. Only python/pyproject.toml is missing the constraint tightening.

Step-by-step proof

1. Current state: python/pyproject.toml contains python-dotenv = "^1.0.0" and python/poetry.lock pins version 1.2.2.
2. Developer runs poetry update or poetry lock --no-update in the python/ directory.
3. Poetry re-resolves all constraints. Since ^1.0.0 is satisfied by 1.0.1, 1.1.0, 1.2.0, or 1.2.1, Poetry may select any of these depending on other constraints, available releases, or resolution order.
4. The lock file is now updated to a vulnerable version (e.g., 1.0.1), without any warning.
5. CI installs the vulnerable version; the symlink-following CVE-2026-28684 is now present in the deployed application.
6. Fix: Change python/pyproject.toml line to python-dotenv = ">=1.2.2" (or "^1.2.2"). This ensures Poetry will never resolve a version below the patched release, regardless of lock file state.