CVE-2026-6357 — pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally defer — CVE Database · The Intelligence Room