diff --git a/001032-bugfix-for-CVE-2026-2297.patch b/001032-bugfix-for-CVE-2026-2297.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7806beacd96c54acbcd6b68deb6ced4e0f0130d2
--- /dev/null
+++ b/001032-bugfix-for-CVE-2026-2297.patch
@@ -0,0 +1,44 @@
+From 69ddd9bb2cc4bd69b1565647c18659c6a789ccd9 Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-islington@users.noreply.github.com>
+Date: Thu, 30 Apr 2026 23:18:42 +0200
+Subject: [PATCH] [3.11] gh-145506: Fixes CVE-2026-2297 by ensuring
+ SourcelessFileLoader uses io.open_code (GH-145507) (#145515)
+
+* gh-145506: Fixes CVE-2026-2297 by ensuring SourcelessFileLoader uses io.open_code (GH-145507)
+(cherry picked from commit a51b1b512de1d56b3714b65628a2eae2b07e535e)
+
+Co-authored-by: Steve Dower
+
+* Fix docs reference
+
+---------
+
+Co-authored-by: Steve Dower
+---
+ Lib/importlib/_bootstrap_external.py | 2 +-
+ .../Security/2026-03-04-18-59-17.gh-issue-145506.6hwvEh.rst | 2 ++
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2026-03-04-18-59-17.gh-issue-145506.6hwvEh.rst
+
+diff --git a/Lib/importlib/_bootstrap_external.py b/Lib/importlib/_bootstrap_external.py
+index e53f6acf38fc642..588da3c7ad1517e 100644
+--- a/Lib/importlib/_bootstrap_external.py
++++ b/Lib/importlib/_bootstrap_external.py
+@@ -1126,7 +1126,7 @@ def get_filename(self, fullname):
+
+ def get_data(self, path):
+ """Return the data from path as raw bytes."""
+- if isinstance(self, (SourceLoader, ExtensionFileLoader)):
++ if isinstance(self, (SourceLoader, SourcelessFileLoader, ExtensionFileLoader)):
+ with _io.open_code(str(path)) as file:
+ return file.read()
+ else:
+diff --git a/Misc/NEWS.d/next/Security/2026-03-04-18-59-17.gh-issue-145506.6hwvEh.rst b/Misc/NEWS.d/next/Security/2026-03-04-18-59-17.gh-issue-145506.6hwvEh.rst
+new file mode 100644
+index 000000000000000..edeb9e640c2732d
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2026-03-04-18-59-17.gh-issue-145506.6hwvEh.rst
+@@ -0,0 +1,2 @@
++Fixes CVE-2026-2297 by ensuring that ``SourcelessFileLoader`` uses
++:func:`io.open_code` when opening ``.pyc`` files.
diff --git a/python3.spec b/python3.spec
index ed011a4146728c6d3f9b7f7a704d4c9cb845c214..5f6b64bbce0596d673e91cf8f9984849038a9e4d 100644
--- a/python3.spec
+++ b/python3.spec
@@ -1,4 +1,4 @@
-%define anolis_release 24
+%define anolis_release 25
 %global pybasever 3.11
 # pybasever without the dot:
@@ -312,6 +312,9 @@ Patch0038: fix-CVE-2026-6019.patch
 # https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69
 Patch0039: fix-CVE-2026-1502.patch
+# https://github.com/python/cpython/commit/69ddd9bb2cc4bd69b1565647c18659c6a789ccd9.patch
+Patch001032: 001032-bugfix-for-CVE-2026-2297.patch
+
 # ==========================================
 # Descriptions, and metadata for subpackages
 # ==========================================
@@ -1583,6 +1586,9 @@ CheckPython optimized
 # ======================================================
 %changelog
+* Fri Jun 12 2026 tomcruiseqi - 3.11.6-25
+- Fix CVE-2026-2297
+
 * Wed May 20 2026 lzq11122 - 3.11.6-24
 - Add patch to fix CVE-2026-1502
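Review bot: The new `Patch001032: 001032-bugfix-for-CVE-2026-2297.patch` line in the `@@ -312,6 +312,9 @@` hunk only declares the patch; whether it is applied depends on the %prep section, which is outside this diff. If the spec applies patches with explicit `%patchN` directives (or `%autosetup -N` followed by per-patch lines) rather than a bare `%autosetup -p1`, a matching `%patch -P 001032 -p1` line is needed, and without it the build succeeds while the CVE-2026-2297 fix is silently absent. The tag number also breaks the contiguous `Patch0038`/`Patch0039` series used by the neighbouring entries; a sequential `Patch0040:` would keep the declaration and application lines easier to cross-check. Worth verifying on the built package that `get_data` in `_bootstrap_external.py` contains `SourcelessFileLoader` in its `isinstance` check, as the patch intends.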