The .pth Attack Vector That Bypassed Every Scanner in Your Stack | Security
Published on MyPrivateClaw
Apr 3, 2026, 7:47 PM UTC
Coverage date: Apr 3, 2026
Last updated: Apr 4, 2026, 5:23 AM UTC
News summary
The LiteLLM compromise introduced a persistence and execution technique that most security tooling in 2026 does not detect: a Python .pth file placed in site-packages. The mechanism is not new to Python internals, but its weaponization for supply chain attacks was absent from almost every published threat model until this month. Understanding it is now mandatory for anyone running Python in production.

Python's path configuration files — files with the .pth extension stored in site-packages — are processed by the site module during interpreter startup. Every line in a .pth file is either added to sys.path or, if it begins with import followed by a space, executed as a Python statement. This happens before any user code runs, before any import in your application, and before any runtime security hook you may have installed. No import of the malicious package is required. Installing a compromised pack…
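A defensive check for the startup behaviour described above, added here as an example and not taken from the original article or from LiteLLM: it lists every .pth line that the site module would execute, without executing anything. The function names and the sample files in demo() are constructed for illustration.

```python
import os
import site
import tempfile

EXEC_PREFIXES = ("import ", "import\t")  # line prefixes site.py hands to exec()

def executable_lines(pth_path):
    """Return (line_number, text) for each line the site module would execute."""
    hits = []
    with open(pth_path, encoding="utf-8", errors="replace") as fh:
        for n, line in enumerate(fh.read().splitlines(), 1):
            if line.startswith("#") or not line.strip():
                continue  # comments and blank lines are skipped at startup
            if line.startswith(EXEC_PREFIXES):
                hits.append((n, line))  # any other line is a sys.path entry
    return hits

def site_dirs():
    """Site directories whose .pth files this interpreter reads at startup."""
    dirs = set(site.getsitepackages()) | {site.getusersitepackages()}
    return sorted(d for d in dirs if os.path.isdir(d))

def audit(dirs):
    """Map each .pth file that contains executable lines to those lines."""
    report = {}
    for d in dirs:
        for name in sorted(os.listdir(d)):
            if name.endswith(".pth"):
                path = os.path.join(d, name)
                hits = executable_lines(path)
                if hits:
                    report[path] = hits
    return report

def demo():
    """Audit a constructed directory (sample data, not from the incident)."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "paths_only.pth"), "w") as fh:
            fh.write("# plain path entry\n../vendor\n")
        with open(os.path.join(d, "startup_hook.pth"), "w") as fh:
            fh.write("../vendor\nimport os; os.environ.setdefault('DEMO', '1')\n")
        return {os.path.basename(p): h for p, h in audit([d]).items()}

if __name__ == "__main__":
    for path, hits in audit(site_dirs()).items():
        for n, text in hits:
            print(f"{path}:{n}: {text[:120]}")
```

Run as a script, it audits the current interpreter's own site directories. Some legitimate packages ship .pth files with import lines, so each hit is a lead for review against a known-good baseline rather than a verdict.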