f-Check-Time-of-Use)
+vulnerabilities in virtualenv allow local attackers to perform
+symlink-based attacks on directory creation operations.  An attacker
+with local access can exploit a race condition between directory
+existence checks and creation to redirect virtualenv's app_data and
+lock file operations to attacker-controlled locations.  This issue
+has been patched in version 20.36.1.</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2026-22702</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2026-22702</url>
+    </references>
+    <dates>
+      <discovery>2026-01-10</discovery>
+      <entry>2026-01-12</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="7e63d0dd-eeff-11f0-b135-c01803b56cc4">
     <topic>libtasn1 -- Stack-based buffer overflow</topic>
     <affects>