From: "Miss Islington (bot)"
 <31488909+miss-islington@users.noreply.github.com>
Date: Wed, 4 Mar 2026 21:17:04 +0100
Subject: gh-145506: Fixes CVE-2026-2297 by ensuring SourcelessFileLoader uses
 io.open_code (GH-145507)

(cherry picked from commit a51b1b512de1d56b3714b65628a2eae2b07e535e)

Co-authored-by: Steve Dower <steve.dower@python.org>

Origin: cpython, https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e
---
 lib-python/3/importlib/_bootstrap_external.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib-python/3/importlib/_bootstrap_external.py b/lib-python/3/importlib/_bootstrap_external.py
index 0bfe7b6..48b68d7 100644
--- a/lib-python/3/importlib/_bootstrap_external.py
+++ b/lib-python/3/importlib/_bootstrap_external.py
@@ -1141,7 +1141,7 @@ class FileLoader:
 
     def get_data(self, path):
         """Return the data from path as raw bytes."""
-        if isinstance(self, (SourceLoader, ExtensionFileLoader)):
+        if isinstance(self, (SourceLoader, SourcelessFileLoader, ExtensionFileLoader)):
             with _io.open_code(str(path)) as file:
                 return file.read()
         else:
