Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    64 vulnerabilities by Python Software Foundation

    CVE-2026-4360 (GCVE-0-2026-4360)

    Vulnerability from nvd – Published: 2026-06-30 14:45 – Updated: 2026-07-07 17:01
    VLAI
    Title
    Tarfile.extract() doesn't fully respect filter parameter
    Summary
    In the Tarfile.extract() function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract() function.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.15.0 (python)
    Create a notification for this product.
    Credits
    Michael Scovetta (https://github.com/scovetta) Seth Larson (https://github.com/sethmlarson) Petr Viktorin (https://github.com/encukou)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4360",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T15:28:24.835246Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T15:28:30.201Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "tarfile"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.15.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Michael Scovetta (https://github.com/scovetta)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Seth Larson (https://github.com/sethmlarson)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Petr Viktorin (https://github.com/encukou)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "type": "text/html",
                  "value": "In the Tarfile.extract() function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter=\u0027data\u0027 to the extract() function."
                }
              ],
              "value": "In the Tarfile.extract() function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter=\u0027data\u0027 to the extract() function."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-281",
                  "description": "CWE-281",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T17:01:15.080Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/TWZW2PC2AZOV6FENIHFSRC63OM7MBGSB/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/151988"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/151987"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/5e0ef3f1afe892e4f64eb83368db57ac4c40cba0"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/7b57e8d51446297b8c7c482d224bc5f1938e4301"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/7ccdbaba2c54250a70d7f25632152df7655a5e0a"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/eee3ddf0ca10283cc7fea724aae9cd8665f8d15e"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/d2b2f5eacab4dd48446b63340613b05dcbbf0b44"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Tarfile.extract() doesn\u0027t fully respect filter parameter",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-4360",
        "datePublished": "2026-06-30T14:45:35.601Z",
        "dateReserved": "2026-03-17T19:25:46.527Z",
        "dateUpdated": "2026-07-07T17:01:15.080Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11972 (GCVE-0-2026-11972)

    Vulnerability from nvd – Published: 2026-06-23 22:02 – Updated: 2026-06-30 15:13
    VLAI
    Title
    tarfile opened in streaming mode mishandles EOF
    Summary
    When using the "tarfile" module with a file opened in "streaming mode" (mode="r|") the tarfile module did not properly handle EOF, making archive parsing take exponentially longer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.15.0 (python)
    Create a notification for this product.
    Credits
    Ryan Hileman (https://github.com/lunixbochs) Petr Viktorin (https://github.com/encukou) Stan Ulbrych (https://github.com/StanFromIreland)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11972",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-24T15:33:49.665045Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T15:34:06.959Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "tarfile"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.15.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Ryan Hileman (https://github.com/lunixbochs)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Petr Viktorin (https://github.com/encukou)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Stan Ulbrych (https://github.com/StanFromIreland)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "type": "text/html",
                  "value": "When using the \"tarfile\" module with a file opened in \"streaming mode\" (mode=\"r|\") the tarfile module did not properly handle EOF, making archive parsing take exponentially longer."
                }
              ],
              "value": "When using the \"tarfile\" module with a file opened in \"streaming mode\" (mode=\"r|\") the tarfile module did not properly handle EOF, making archive parsing take exponentially longer."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-252",
                  "description": "CWE-252",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-606",
                  "description": "CWE-606",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T15:13:21.383Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/151981"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/151982"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/AXPSKKTSRKXTTJULW3XSIC74WZNAAPPB/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/3f031d431f80668e14f3bc066bbf4369cd9281b9"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/4ce6bf7c8aa7725828a38981c306f214c1f29365"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/7f0dc59c9a70f8f3b4da33d7c4a2ba552a7acc21"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/e86666c9dd256d52d0fbef6feb1ea4a51768fdec"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/eb63c0f94dfcbea7fda8eab6213818e134d67192"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/f50bf13566189c8d0ce5a814f33eff3d89951896"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "tarfile opened in streaming mode mishandles EOF",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-11972",
        "datePublished": "2026-06-23T22:02:45.434Z",
        "dateReserved": "2026-06-11T11:35:05.520Z",
        "dateUpdated": "2026-06-30T15:13:21.383Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0864 (GCVE-0-2026-0864)

    Vulnerability from nvd – Published: 2026-06-23 17:42 – Updated: 2026-06-24 12:55
    VLAI
    Title
    Configuration Injection via Carriage Return (\r) in write() method
    Summary
    When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the resulting file could be injected with unexpected keys and values if the attacker controls the written value.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.15.0 (python)
    Create a notification for this product.
    Credits
    D0n9 (https://github.com/D0n9) Petr Viktorin (https://github.com/encukou) Seth Larson (https://github.com/sethmlarson)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0864",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T18:34:23.504725Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-74",
                    "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T18:34:49.788Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.15.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "D0n9 (https://github.com/D0n9)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Petr Viktorin (https://github.com/encukou)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Seth Larson (https://github.com/sethmlarson)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "type": "text/html",
                  "value": "When using the \"configparser\" module to write configuration files\ncontaining multi-line text values with carriage return characters (\\r) the\nresulting file could be injected with unexpected keys and values if the\nattacker controls the written value."
                }
              ],
              "value": "When using the \"configparser\" module to write configuration files\ncontaining multi-line text values with carriage return characters (\\r) the\nresulting file could be injected with unexpected keys and values if the\nattacker controls the written value."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-24T12:55:42.471Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/151559"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/CV4NE6AFCRJL7XQOHX7J5TSDHUWVWGJS/"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/143927"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/5858e42c539dac8394636a6e9b30472b8994851f"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/0adb386f6e68eb2e73d32e19f235d012df009528"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/71f2e02a52d47417a6fd69f456346cd8aa7aca98"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/aaf850fd333cd89e9aada03d92aaa788a6cb1bb8"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Configuration Injection via Carriage Return (\\r) in write() method",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-0864",
        "datePublished": "2026-06-23T17:42:01.947Z",
        "dateReserved": "2026-01-12T16:07:55.453Z",
        "dateUpdated": "2026-06-24T12:55:42.471Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11940 (GCVE-0-2026-11940)

    Vulnerability from nvd – Published: 2026-06-23 16:04 – Updated: 2026-06-30 15:13
    VLAI
    Title
    tarfile extraction filter bypass allows escaping the destination directory
    Summary
    tarfile.extractall() with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself.  The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower path, letting a relative target the filter judged contained escape the destination directory.  This allowed a malicious tar archive to create a symlink pointing outside the destination, enabling out-of-destination file reads or writes. This was an incomplete fix of CVE-2025-4330.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.15.0 (python)
    Create a notification for this product.
    Credits
    Haruki Oyama (https://github.com/harukioya) Stan Ulbrych (https://github.com/StanFromIreland) Petr Viktorin (https://github.com/encukou)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11940",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T17:57:25.652265Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T17:57:32.525Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.15.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Haruki Oyama (https://github.com/harukioya)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Stan Ulbrych (https://github.com/StanFromIreland)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Petr Viktorin (https://github.com/encukou)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "type": "text/html",
                  "value": "\u003cspan\u003etarfile.extractall()\u003c/span\u003e with the \u003cspan\u003e\u0027data\u0027\u003c/span\u003e or \u003cspan\u003e\u0027tar\u0027\u003c/span\u003e\n filter could be bypassed by a crafted archive where a hardlink \nreferences a symlink stored at a deeper name than the hardlink itself.\u0026nbsp; \nThe extraction fallback validated the symlink at it\u0027s archived location \nbut recreated it at the hardlink\u0027s shallower\u003cbr\u003epath, letting a relative\n target the filter judged contained escape the destination directory.\u0026nbsp; \nThis allowed a malicious tar archive to create a symlink pointing \noutside the destination, enabling out-of-destination file reads or \nwrites. This was an incomplete fix of CVE-2025-4330."
                }
              ],
              "value": "tarfile.extractall() with the \u0027data\u0027 or \u0027tar\u0027\n filter could be bypassed by a crafted archive where a hardlink \nreferences a symlink stored at a deeper name than the hardlink itself.\u00a0 \nThe extraction fallback validated the symlink at it\u0027s archived location \nbut recreated it at the hardlink\u0027s shallower\npath, letting a relative\n target the filter judged contained escape the destination directory.\u00a0 \nThis allowed a malicious tar archive to create a symlink pointing \noutside the destination, enabling out-of-destination file reads or \nwrites. This was an incomplete fix of CVE-2025-4330."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T15:13:33.568Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/151559"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/LD6QIISNQFQYOIEPJNEUIPV7S3V76FZH/"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/151558"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/27dd970bf6b17ebca7c8ed486a40ab043ed7af8f"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/672825e2f36a57e173959b0d9d409d4560dab8df"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/771d12dda5140313db0ac550292987975651bbde"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/79c06bd5c6afa3c440d50faf7ee1b147c8832b4c"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/be13e86f6b9788a6f4d0419dffef72cbae5865c9"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "tarfile extraction filter bypass allows escaping the destination directory",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-11940",
        "datePublished": "2026-06-23T16:04:17.321Z",
        "dateReserved": "2026-06-10T19:50:59.923Z",
        "dateUpdated": "2026-06-30T15:13:33.568Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12003 (GCVE-0-2026-12003)

    Vulnerability from nvd – Published: 2026-06-16 15:18 – Updated: 2026-06-23 17:55
    VLAI
    Title
    CPython >3.11 Insecure Input Validation resulting in privilege escalation
    Summary
    To allow builds of Python to be run from an in-tree layout (rather than an installed file layout), the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python assumes it is running in a source tree and generates a different default sys.path. This code remains in release builds, so that release-ready builds can be built in-tree. On Windows, since builds are written to 'PCbuild/', the value of VPATH is set to '..\..', which results in a landmark of '..\..\Modules\setup.local'. This path is outside the install directory of Python, and may have different permissions, potentially allowing a low-privilege user to create the landmark and an alternative `Lib` folder that will be discovered by an otherwise restricted install. Such a setup occurs with the legacy default install location for all users (in the now superseded EXE installer), due to how Windows allows all users to create folders in the root directory of their OS drive. Our recommended mitigation on Windows is to migrate away from the legacy installer and use the new [Python install manager](https://www.python.org/downloads/latest/pymanager/) to install for the current user. Installs where the directory two levels above the Python installation directory have equivalent permissions are unaffected (in general, a per-user install cannot be modified at all by other users, removing any escalation of privilege risk, and could be directly modified by a privileged user, making the potential tampering irrelevant). Alternative mitigations might include preemptively creating and restricting access to a `Modules` directory. Be aware that only 3.13 and 3.14 will receive updated legacy installers - earlier fixes are only provided as sources. Platforms other than Windows allow VPATH to be overridden, but as they don't usually use a separated directory in the build for binaries, are unlikely to have a landmark reference outside of the install directory. The landmark detection involving VPATH is a fallback for when a more specific landmark - .\pybuilddir.txt - is absent, and was included for compatibility. Future releases of Python will no longer include the fallback, and so builds will need to generate or preserve the pybuilddir.txt file in order to work in-tree. This landmark file has been generated on Windows since 3.11, and on other platforms for longer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.15.0b3 (python)
    Create a notification for this product.
    Credits
    Jake Yamaki (https://github.com/b6938236) Steve Dower (https://github.com/zooba)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12003",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-16T17:53:54.916961Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-16T17:56:25.731Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-16T19:12:36.706Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/16/8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.15.0b3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Jake Yamaki (https://github.com/b6938236)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Steve Dower (https://github.com/zooba)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "type": "text/html",
                  "value": "To allow builds of Python to be run from an in-tree layout (rather than\u003cbr\u003ean installed file layout), the VPATH variable is defined at build time\u003cbr\u003eand used to locate certain landmarks - specifically,\u003cbr\u003eModules/setup.local. When this landmark is found relative to VPATH\u003cbr\u003erelative to the executable, Python assumes it is running in a source\u003cbr\u003etree and generates a different default sys.path. This code remains in\u003cbr\u003erelease builds, so that release-ready builds can be built in-tree.\u003cbr\u003e\u003cbr\u003eOn Windows, since builds are written to \u0027PCbuild/\u0027, the value of\u003cbr\u003eVPATH is set to \u0027..\\..\u0027, which results in a landmark of\u003cbr\u003e\u0027..\\..\\Modules\\setup.local\u0027. This path is outside the install directory\u003cbr\u003eof Python, and may have different permissions, potentially allowing a\u003cbr\u003elow-privilege user to create the landmark and an alternative `Lib`\u003cbr\u003efolder that will be discovered by an otherwise restricted install.\u003cbr\u003e\u003cbr\u003eSuch a setup occurs with the legacy default install location for all\u003cbr\u003eusers (in the now superseded EXE installer), due to how Windows allows\u003cbr\u003eall users to create folders in the root directory of their OS drive.\u003cbr\u003e\u003cbr\u003eOur recommended mitigation on Windows is to migrate away from the\u003cbr\u003elegacy installer and use the new [Python install\u003cbr\u003emanager](https://www.python.org/downloads/latest/pymanager/) to install\u003cbr\u003efor the current user. Installs where the directory two levels above the\u003cbr\u003ePython installation directory have equivalent permissions are unaffected\u003cbr\u003e(in general, a per-user install cannot be modified at all by other\u003cbr\u003eusers, removing any escalation of privilege risk, and could be directly\u003cbr\u003emodified by a privileged user, making the potential tampering\u003cbr\u003eirrelevant). Alternative mitigations might include preemptively creating\u003cbr\u003eand restricting access to a `Modules` directory. Be aware that only 3.13\u003cbr\u003eand 3.14 will receive updated legacy installers - earlier fixes are only\u003cbr\u003eprovided as sources.\u003cbr\u003e\u003cbr\u003ePlatforms other than Windows allow VPATH to be overridden, but as they\u003cbr\u003edon\u0027t usually use a separated directory in the build for binaries, are\u003cbr\u003eunlikely to have a landmark reference outside of the install directory.\u003cbr\u003e\u003cbr\u003eThe landmark detection involving VPATH is a fallback for when a more\u003cbr\u003especific landmark - .\\pybuilddir.txt - is absent, and was included for\u003cbr\u003ecompatibility. Future releases of Python will no longer include the\u003cbr\u003efallback, and so builds will need to generate or preserve the\u003cbr\u003epybuilddir.txt file in order to work in-tree. This landmark file has\u003cbr\u003ebeen generated on Windows since 3.11, and on other platforms for longer."
                }
              ],
              "value": "To allow builds of Python to be run from an in-tree layout (rather than\nan installed file layout), the VPATH variable is defined at build time\nand used to locate certain landmarks - specifically,\nModules/setup.local. When this landmark is found relative to VPATH\nrelative to the executable, Python assumes it is running in a source\ntree and generates a different default sys.path. This code remains in\nrelease builds, so that release-ready builds can be built in-tree.\n\nOn Windows, since builds are written to \u0027PCbuild/\u0027, the value of\nVPATH is set to \u0027..\\..\u0027, which results in a landmark of\n\u0027..\\..\\Modules\\setup.local\u0027. This path is outside the install directory\nof Python, and may have different permissions, potentially allowing a\nlow-privilege user to create the landmark and an alternative `Lib`\nfolder that will be discovered by an otherwise restricted install.\n\nSuch a setup occurs with the legacy default install location for all\nusers (in the now superseded EXE installer), due to how Windows allows\nall users to create folders in the root directory of their OS drive.\n\nOur recommended mitigation on Windows is to migrate away from the\nlegacy installer and use the new [Python install\nmanager](https://www.python.org/downloads/latest/pymanager/) to install\nfor the current user. Installs where the directory two levels above the\nPython installation directory have equivalent permissions are unaffected\n(in general, a per-user install cannot be modified at all by other\nusers, removing any escalation of privilege risk, and could be directly\nmodified by a privileged user, making the potential tampering\nirrelevant). Alternative mitigations might include preemptively creating\nand restricting access to a `Modules` directory. Be aware that only 3.13\nand 3.14 will receive updated legacy installers - earlier fixes are only\nprovided as sources.\n\nPlatforms other than Windows allow VPATH to be overridden, but as they\ndon\u0027t usually use a separated directory in the build for binaries, are\nunlikely to have a landmark reference outside of the install directory.\n\nThe landmark detection involving VPATH is a fallback for when a more\nspecific landmark - .\\pybuilddir.txt - is absent, and was included for\ncompatibility. Future releases of Python will no longer include the\nfallback, and so builds will need to generate or preserve the\npybuilddir.txt file in order to work in-tree. This landmark file has\nbeen generated on Windows since 3.11, and on other platforms for longer."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-23T17:55:53.735Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/151545"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/151544"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://https://mail.python.org/archives/list/security-announce@python.org/thread/JIFOBO7UX3LY4VJKJUOKYJV62CFR2IRH/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/16c40f944b7bff724a403cf4902763d095bb4b2a"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/9e863fab283eddca9c2a8f9d1ee30f4dc243e314"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/a86de0bc236fbb9452f98998fc8437e9fca35700"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/b93d6d3399adbd3a5037b6b92fc3587c85ac5d56"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CPython \u003e3.11 Insecure Input Validation resulting in privilege escalation",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-12003",
        "datePublished": "2026-06-16T15:18:42.998Z",
        "dateReserved": "2026-06-11T17:05:37.519Z",
        "dateUpdated": "2026-06-23T17:55:53.735Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9669 (GCVE-0-2026-9669)

    Vulnerability from nvd – Published: 2026-06-08 22:01 – Updated: 2026-07-07 16:59
    VLAI
    Title
    bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow
    Summary
    bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based buffer overflow
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.14 (python)
    Affected: 3.14.0 , < 3.14.6 (python)
    Affected: 3.15.0a1 , < 3.15.0b3 (python)
    Create a notification for this product.
    Credits
    Bitshift (https://github.com/TheShiftedBit) Emma Smith (https://github.com/emmatyping) Stan Ulbrych (https://github.com/StanFromIreland) Serhiy Storchaka (https://github.com/serhiy-storchaka)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-08T23:27:25.188Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/08/17"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9669",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-16T12:23:25.378543Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-16T12:23:44.258Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "bz2"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.6",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0b3",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Bitshift (https://github.com/TheShiftedBit)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Emma Smith (https://github.com/emmatyping)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stan Ulbrych (https://github.com/StanFromIreland)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Serhiy Storchaka (https://github.com/serhiy-storchaka)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "type": "text/html",
                  "value": "bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data."
                }
              ],
              "value": "bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based buffer overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T16:59:27.712Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/150600"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/DBJZETMGUIFK7DVUWMOXHD3Z6IX2QPSX/"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/150599"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/157a5df8cb5d82b33f918a7489e72ce95ceb12b6"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/5755d0f083949ff3c5bf3a37e673e24e306b036e"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/619a12b2e545391dc436b3af79dda22337382a6f"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/d3ca26983dfbccdf609f24ff5877dc3118e4702d"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/938ec030e90c5e53f1faac6fab1643f14e4f4a79"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-9669",
        "datePublished": "2026-06-08T22:01:15.420Z",
        "dateReserved": "2026-05-27T03:13:18.152Z",
        "dateUpdated": "2026-07-07T16:59:27.712Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7774 (GCVE-0-2026-7774)

    Vulnerability from nvd – Published: 2026-06-04 14:21 – Updated: 2026-07-07 16:59
    VLAI
    Title
    tarfile.data_filter path traversal bypass allows writing outside the extraction directory
    Summary
    tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.14 (python)
    Affected: 3.14.0 , < 3.14.6 (python)
    Affected: 3.15.0a1 , < 3.15.0b2 (python)
    Create a notification for this product.
    Credits
    Phùng Siêu Đạt (OPSWAT Unit 515) Seth Larson (https://github.com/sethmlarson) Gregory P. Smith (https://github.com/gpshead) Petr Viktorin (https://github.com/encukou) Stan Ulbrych (https://github.com/StanFromIreland)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7774",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T17:27:23.917872Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T17:27:34.304Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-04T18:45:41.657Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/04/9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "tarfile"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.6",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0b2",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Ph\u00f9ng Si\u00eau \u0110\u1ea1t (OPSWAT Unit 515)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Seth Larson (https://github.com/sethmlarson)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Gregory P. Smith (https://github.com/gpshead)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Petr Viktorin (https://github.com/encukou)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Stan Ulbrych (https://github.com/StanFromIreland)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process."
                }
              ],
              "value": "tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T16:59:55.298Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/149487"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/149486"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/4FU62L2M6RMMHT2QPGQNPEHHUND7CEX5/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/0478bd83d82b255e0f29f613367a59d261e7eaa2"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/0d28f5e46e151718972dfabd91205444d0037b6d"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/578411982c16f753f4893532510099ef665117da"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/5cf47a248c35c375d610b87b2f72fd1ed454b558"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/74cca9a92fb7d653e404843a56b8bdc7b0afdbbf"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/10a13bee3c24f9c62b602e696334ff2272a40efc"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/c063191cb7f9170f9565e305f8aa2b79ab2bf609"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "tarfile.data_filter path traversal bypass allows writing outside the extraction directory",
          "x_generator": {
            "engine": "Vulnogram 0.6.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-7774",
        "datePublished": "2026-06-04T14:21:23.904Z",
        "dateReserved": "2026-05-04T14:47:51.154Z",
        "dateUpdated": "2026-07-07T16:59:55.298Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3276 (GCVE-0-2026-3276)

    Vulnerability from nvd – Published: 2026-06-03 14:29 – Updated: 2026-06-16 14:54
    VLAI
    Title
    Potential DoS via quadratic complexity in unicodedata.normalize()
    Summary
    unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.14 (python)
    Affected: 3.14.0 , < 3.14.6 (python)
    Affected: 3.15.0a1 , < 3.15.0b2 (python)
    Create a notification for this product.
    Credits
    Seokchan Yoon (https://github.com/ch4n3-yoon) Tim Peters (https://github.com/tim-one) Bénédikt Tran (https://github.com/picnixz) Serhiy Storchaka (https://github.com/serhiy-storchaka) Stan Ulbrych (https://github.com/StanFromIreland) Seth Larson (https://github.com/sethmlarson) Petr Viktorin (https://github.com/encukou)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3276",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T17:27:09.393265Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T17:27:19.179Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-03T19:18:17.828Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/03/15"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.6",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0b2",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Seokchan Yoon (https://github.com/ch4n3-yoon)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Tim Peters (https://github.com/tim-one)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "B\u00e9n\u00e9dikt Tran (https://github.com/picnixz)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Serhiy Storchaka (https://github.com/serhiy-storchaka)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Stan Ulbrych (https://github.com/StanFromIreland)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Seth Larson (https://github.com/sethmlarson)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Petr Viktorin (https://github.com/encukou)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eunicodedata.normalize()\u003c/span\u003e can take excessive CPU time when processing\u003cbr\u003especially crafted Unicode input containing long runs of combining characters\u003cbr\u003ewith alternating Canonical Combining Class values.\u003cbr\u003eThis affects all normalization forms."
                }
              ],
              "value": "unicodedata.normalize() can take excessive CPU time when processing\nspecially crafted Unicode input containing long runs of combining characters\nwith alternating Canonical Combining Class values.\nThis affects all normalization forms."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-407",
                  "description": "CWE-407",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-16T14:54:50.442Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PP5HB4K7727OBBM76KA2ILID76K3OZGZ/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/149080"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/149079"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/6b505d1f41f8f3ea0fe5a4786d3a8fff1875cfc0"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/991224b1e8311c85f198f6dd8208bf8cff7fc26f"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/ba785b88add96acbf403d65cb157fb2743a33a32"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/c5512bd7c1dc28055660565275012766941d3066"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/90748760d38ca3ac5fc6788a69becab905c95598"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Potential DoS via quadratic complexity in unicodedata.normalize()",
          "x_generator": {
            "engine": "Vulnogram 0.6.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-3276",
        "datePublished": "2026-06-03T14:29:39.727Z",
        "dateReserved": "2026-02-26T15:19:46.862Z",
        "dateUpdated": "2026-06-16T14:54:50.442Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8328 (GCVE-0-2026-8328)

    Vulnerability from nvd – Published: 2026-05-13 20:14 – Updated: 2026-06-30 15:09
    VLAI
    Title
    FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address
    Summary
    The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host addresses with the actual peer address (getpeername()[0]), ftpcp() still calls parse227() directly and passes the raw attacker-controllable IP address and port to target.sendport(). This patch is related to CVE-2021-4189.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side request forgery (SSRF)
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.14 (python)
    Affected: 3.14.0 , < 3.14.6 (python)
    Affected: 3.15.0a1 , < 3.15.0b2 (python)
    Create a notification for this product.
    Credits
    Qi Deng (https://github.com/ikow) Bénédikt Tran (https://github.com/picnixz) Gregory P. Smith (https://github.com/gpshead)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8328",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-14T12:49:18.311219Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T12:49:39.908Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "ftplib"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.6",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0b2",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Qi Deng (https://github.com/ikow)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "B\u00e9n\u00e9dikt Tran (https://github.com/picnixz)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Gregory P. Smith (https://github.com/gpshead)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "type": "text/html",
                  "value": "\u003cdiv\u003eThe ftpcp() function in Lib/ftplib.py was not updated when \nCVE-2021-4189 was fixed. While makepasv() was patched to replace \nserver-supplied PASV host addresses with the actual peer address \n(getpeername()[0]), ftpcp() still calls parse227() directly and passes \nthe raw attacker-controllable IP address and port to target.sendport(). This patch is related to\u0026nbsp;CVE-2021-4189.\u003c/div\u003e"
                }
              ],
              "value": "The ftpcp() function in Lib/ftplib.py was not updated when \nCVE-2021-4189 was fixed. While makepasv() was patched to replace \nserver-supplied PASV host addresses with the actual peer address \n(getpeername()[0]), ftpcp() still calls parse227() directly and passes \nthe raw attacker-controllable IP address and port to target.sendport(). This patch is related to\u00a0CVE-2021-4189."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side request forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T15:09:29.230Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/87451"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/149648"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/ITF2BAPBQEPYK3LDMPRSY435JGNHYNDP/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/5dadc64673ce875ebfb24163907777dae0f6ca06"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/7d95a1dc7382b55cba7fdd6a110336077584a4f0"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/bb3446dda6c49b32e67c11dbbbf221b40be00763"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/c88704431ea3248ca769384c13856330976fac1d"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/eac4fe3b2c77693790a5ef7dfab127c1fee81bf9"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/2bbcf3fb7a420a05605576c0f9468d4675381b5f"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/ef12d0dc824baccf737bba1458e5eed3d1e0fceb"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-8328",
        "datePublished": "2026-05-13T20:14:33.751Z",
        "dateReserved": "2026-05-11T15:06:00.859Z",
        "dateUpdated": "2026-06-30T15:09:29.230Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7210 (GCVE-0-2026-7210)

    Vulnerability from nvd – Published: 2026-05-11 17:19 – Updated: 2026-06-10 18:57
    VLAI
    Title
    The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
    Summary
    `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.14 (python)
    Affected: 3.14.0 , < 3.14.6 (python)
    Affected: 3.15.0a1 , < 3.15.0b2 (python)
    Create a notification for this product.
    Credits
    Stan Ulbrych (https://github.com/StanFromIreland) Gregory P. Smith (https://github.com/gpshead)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7210",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T18:53:57.884366Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T18:54:12.868Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-11T20:34:17.811Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/11/8"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/11/13"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "xml",
                "expat"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.6",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0b2",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Stan Ulbrych (https://github.com/StanFromIreland)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Gregory P. Smith (https://github.com/gpshead)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "type": "text/html",
                  "value": "`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\\r\\n\\r\\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch."
                }
              ],
              "value": "`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\\r\\n\\r\\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-331",
                  "description": "CWE-331 Insufficient entropy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T18:57:50.682Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PNY5OMBDPM2FRUZTWFFPJ6LISWKV627K/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/149023"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/149018"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/24b8f12544468e4cedf5bfbe25442fcd495391e4"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/3573b3b1ecbd99030a0b18658e1bfece771b2566"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/eeea765cb9d8f1fc3d8918b272ac3c477983f27a"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/fc9b11ff49cbc82e6f917d07a61517a2b5f3145f"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-7210",
        "datePublished": "2026-05-11T17:19:09.784Z",
        "dateReserved": "2026-04-27T14:43:40.042Z",
        "dateUpdated": "2026-06-10T18:57:50.682Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3087 (GCVE-0-2026-3087)

    Vulnerability from nvd – Published: 2026-04-27 20:46 – Updated: 2026-06-10 18:04
    VLAI
    Title
    shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
    Summary
    If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\...`) then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.14 (python)
    Affected: 3.14.0a1 , < 3.14.5rc1 (python)
    Affected: 3.15.0a1 , < 3.15.0b1 (python)
    Create a notification for this product.
    Credits
    Serhiy Storchaka (https://github.com/serhiy-storchaka) Seth Larson (https://github.com/sethmlarson) GGAutomaton (https://github.com/GGAutomaton)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-28T05:07:42.331Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/28/9"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3087",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-28T13:38:08.747185Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-28T14:35:55.942Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "shutil"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.5rc1",
                  "status": "affected",
                  "version": "3.14.0a1",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0b1",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Serhiy Storchaka (https://github.com/serhiy-storchaka)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Seth Larson (https://github.com/sethmlarson)"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "GGAutomaton (https://github.com/GGAutomaton)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\\\...`) then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability."
                }
              ],
              "value": "If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\\\...`) then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T18:04:43.260Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/146591"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/146581"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/X6FXE5C6KDKOVNX3EC3DWD5RUPFWOZA4/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/ab5ef98af693bded74a738570e81ea70abef2840"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/b01e594fbe754a960212f908d047294e880b52fd"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/fc829e88753858c8ac669594bf0093f44948c0f4"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/65b255416ae217bf0e22085be3c1976cea18bd8c"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/8e13025747e1ca72e86d1f35637123f9c306f0cb"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/8ee6aff14054b37b53e47194a2fa313e98163c94"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/ba0aca3bffce431fe2fbd53ca4cd6a717a2e2c19"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "shutil.unpack_archive() doesn\u0027t check for Windows absolute paths in ZIPs",
          "x_generator": {
            "engine": "Vulnogram 0.6.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-3087",
        "datePublished": "2026-04-27T20:46:43.201Z",
        "dateReserved": "2026-02-23T23:14:46.433Z",
        "dateUpdated": "2026-06-10T18:04:43.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6019 (GCVE-0-2026-6019)

    Vulnerability from nvd – Published: 2026-04-22 19:28 – Updated: 2026-06-10 18:58
    VLAI
    Title
    BaseCookie.js_output() does not neutralize embedded characters
    Summary
    http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence </script> inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-150 - Improper neutralization of escape, meta, or control sequences
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.14 (python)
    Affected: 3.14.0a1 , < 3.14.5rc1 (python)
    Affected: 3.15.0a1 , < 3.15.0b1 (python)
    Create a notification for this product.
    Credits
    oolongeya (https://github.com/komi22) Seth Larson (https://github.com/sethmlarson)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6019",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-22T20:02:17.071906Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-22T20:02:34.468Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.5rc1",
                  "status": "affected",
                  "version": "3.14.0a1",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0b1",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "oolongeya (https://github.com/komi22)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Seth Larson (https://github.com/sethmlarson)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ccode\u003ehttp.cookies.Morsel.js_output()\u003c/code\u003e returns an inline \u003ccode\u003e\u0026lt;script\u0026gt;\u003c/code\u003e snippet and only escapes \u003ccode\u003e\"\u003c/code\u003e for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence \u003ccode\u003e\u0026lt;/script\u0026gt;\u003c/code\u003e inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value."
                }
              ],
              "value": "http.cookies.Morsel.js_output() returns an inline \u003cscript\u003e snippet and only escapes \" for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence \u003c/script\u003e inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-150",
                  "description": "CWE-150 Improper neutralization of escape, meta, or control sequences",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T18:58:07.798Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/148848"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/90309"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IVNWGV2BBNC3RHQAFS22UP4DY56SAXX3/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/76b3923d688c0efc580658476c5f525ec8735104"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/3c59b8b53fc75c7f9578d16fb8201ceb43e8f76c"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/f795e042043dfe26c42e1971d4502c1cdc4c65b8"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "BaseCookie.js_output() does not neutralize embedded characters",
          "x_generator": {
            "engine": "Vulnogram 0.6.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-6019",
        "datePublished": "2026-04-22T19:28:08.720Z",
        "dateReserved": "2026-04-09T15:35:00.668Z",
        "dateUpdated": "2026-06-10T18:58:07.798Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3298 (GCVE-0-2026-3298)

    Vulnerability from nvd – Published: 2026-04-21 14:45 – Updated: 2026-06-10 18:05
    VLAI
    Title
    Out-of-bounds write in Windows asyncio.ProacterEventLoop.sock_recvfrom_into() when using nbytes
    Summary
    The method "sock_recvfrom_into()" of "asyncio.ProacterEventLoop" (Windows only) was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 3.11.0 , < 3.13.14 (python)
    Affected: 3.14.0a1 , < 3.14.5rc1 (python)
    Affected: 3.15.0a1 , < 3.15.0b1 (python)
    Create a notification for this product.
    Credits
    GGAutomaton (https://github.com/GGAutomaton) Victor Stinner (https://github.com/vstinner) Seth Larson (https://github.com/sethmlarson)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3298",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-21T19:15:36.206348Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-21T19:15:44.557Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.14",
                  "status": "affected",
                  "version": "3.11.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.5rc1",
                  "status": "affected",
                  "version": "3.14.0a1",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0b1",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "GGAutomaton (https://github.com/GGAutomaton)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Victor Stinner (https://github.com/vstinner)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Seth Larson (https://github.com/sethmlarson)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "type": "text/html",
                  "value": "The method \"sock_recvfrom_into()\" of \"asyncio.ProacterEventLoop\" (Windows only) was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected."
                }
              ],
              "value": "The method \"sock_recvfrom_into()\" of \"asyncio.ProacterEventLoop\" (Windows only) was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T18:05:02.868Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/148809"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/148808"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/KWTPIQBOOOUNQP7UFSLBI437NJDFLA3F/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/1274766d3c29007ab77245a72abbf8dce2a9db4d"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/27522b7d6e6588f03e61099dd858cd5a9314e2f2"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/95633d2aad4721e25e4dfd9f43dfb6e1edcbd741"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds write in Windows asyncio.ProacterEventLoop.sock_recvfrom_into() when using nbytes",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-3298",
        "datePublished": "2026-04-21T14:45:01.919Z",
        "dateReserved": "2026-02-26T20:12:47.041Z",
        "dateUpdated": "2026-06-10T18:05:02.868Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5713 (GCVE-0-2026-5713)

    Vulnerability from nvd – Published: 2026-04-14 15:11 – Updated: 2026-06-10 18:58
    VLAI
    Title
    Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target
    Summary
    The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 3.14.0 , < 3.14.5 (python)
    Affected: 3.15.0a1 , < 3.15.0b1 (python)
    Create a notification for this product.
    Credits
    Nicholas Gould (https://github.com/gouldnicholas) Pablo Galindo Salgado Pablo Galindo Salgado
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5713",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-14T15:49:26.893551Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-14T15:49:38.323Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-15T17:24:22.172Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/15/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.14.5",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0b1",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Nicholas Gould (https://github.com/gouldnicholas)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Pablo Galindo Salgado"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Pablo Galindo Salgado"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The \"profiling.sampling\" module (Python 3.15+) and \"asyncio introspection capabilities\" (3.14+, \"python -m asyncio ps\" and \"python -m asyncio pstree\") features could be used to read and write addresses in a privileged process if that process connected to a malicious or \"infected\" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR."
                }
              ],
              "value": "The \"profiling.sampling\" module (Python 3.15+) and \"asyncio introspection capabilities\" (3.14+, \"python -m asyncio ps\" and \"python -m asyncio pstree\") features could be used to read and write addresses in a privileged process if that process connected to a malicious or \"infected\" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based buffer overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T18:58:12.898Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/148187"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/148178"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/OG4RHARYSNIE22GGOMVMCRH76L5HKPLM/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/289fd2c97a7e5aecb8b69f94f5e838ccfeee7e67"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/316f6265b7f9ca4ffed5346b747475ef1943f35d"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target",
          "x_generator": {
            "engine": "Vulnogram 0.6.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-5713",
        "datePublished": "2026-04-14T15:11:51.122Z",
        "dateReserved": "2026-04-06T17:16:14.111Z",
        "dateUpdated": "2026-06-10T18:58:12.898Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4786 (GCVE-0-2026-4786)

    Vulnerability from nvd – Published: 2026-04-13 21:52 – Updated: 2026-07-06 12:05
    VLAI
    Title
    Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
    Summary
    Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77
    • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
    Assigner
    PSF
    References
    URL Tags
    https://github.com/python/cpython/pull/148170 patch
    https://github.com/python/cpython/issues/148169 issue-tracking
    https://mail.python.org/archives/list/security-an… vendor-advisory
    https://github.com/python/cpython/commit/c5767a72… patch
    https://github.com/python/cpython/commit/d22922c8… patch
    https://github.com/python/cpython/commit/f4654824… patch
    https://github.com/python/cpython/commit/28b4ad38… patch
    https://github.com/python/cpython/commit/d6d68494… patch
    https://access.redhat.com/security/cve/CVE-2026-4786 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2458049 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:22144 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19589 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35838 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13812 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16699 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10711 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19064 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19019 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:28581 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11077 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11062 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10950 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19590 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17619 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19549 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:26187 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19571 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19570 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13692 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21682 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14653 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17525 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19576 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14652 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14656 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10949 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10774 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10745 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19216 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19175 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19177 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19176 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:28247 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25096 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30078 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30089 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30088 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30087 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10140 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10141 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8822 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8824 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10117 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9228 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11768 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21275 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.14 (python)
    Affected: 3.14.0a1 , < 3.14.5rc1 (python)
    Affected: 3.15.0a1 , < 3.15.0b1 (python)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION)     cpe:/o:redhat:rhel_els:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)     cpe:/o:redhat:rhel_els:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server Optional (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Middleware Containers for OpenShift     cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.4)     cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)     cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.6)     cpe:/a:redhat:rhel_aus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.6)     cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.6)     cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.8)     cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.8)     cpe:/a:redhat:rhel_tus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 8)     cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.4)     cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)     cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.6)     cpe:/o:redhat:rhel_aus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.6)     cpe:/o:redhat:rhel_e4s:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.6)     cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.8)     cpe:/o:redhat:rhel_e4s:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.8)     cpe:/o:redhat:rhel_tus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.0)     cpe:/o:redhat:rhel_e4s:9.0::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.2)     cpe:/o:redhat:rhel_e4s:9.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.4)     cpe:/o:redhat:rhel_eus:9.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.6)     cpe:/o:redhat:rhel_eus:9.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 9)     cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CRB (v. 8)     cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server 3.2     cpe:/a:redhat:ai_inference_server:3.2::el9
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server 3.3     cpe:/a:redhat:ai_inference_server:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI 3.3     cpe:/a:redhat:enterprise_linux_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat Update Infrastructure 5     cpe:/a:redhat:rhui:5::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Credits
    an7y Seth Larson Stan Ulbrych
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4786",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-14T13:43:47.712946Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-14T13:43:54.704Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhosemc:1.0::el8"
                ],
                "defaultStatus": "affected",
                "product": "Middleware Containers for OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.0::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.2::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CRB (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3.2::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AI Inference Server 3.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AI Inference Server 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AI 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhui:5::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Update Infrastructure 5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-13T21:52:19.036Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing \"%action\" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-88",
                    "description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T12:05:01.259Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-4786"
              },
              {
                "name": "RHBZ#2458049",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4786.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22144"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19589"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35838"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13812"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16699"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10711"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19064"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19019"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28581"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11077"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11062"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10950"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19590"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17619"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19549"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26187"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19571"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19570"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13692"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21682"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14653"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17525"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19576"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14652"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14656"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10949"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10774"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10745"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19216"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19175"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19177"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19176"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28247"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25096"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30078"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30089"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30088"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30087"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10140"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10141"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8822"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8824"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10117"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9228"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11768"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21275"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:22144: Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION), Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19589: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35838: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13812: Middleware Containers for OpenShift"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16699: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10711: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19064: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19019: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28581: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11077: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux BaseOS (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11062: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10950: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19590: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4), Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17619: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6), Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19549: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8), Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26187: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19571: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19570: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13692: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21682: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14653: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17525: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19576: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14652: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14656: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10949: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10774: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10745: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19216: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19175: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19177: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19176: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28247: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25096: Red Hat AI Inference Server 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30078: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30089: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30088: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30087: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10140: Red Hat Enterprise Linux AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10141: Red Hat Enterprise Linux AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8822: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8824: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10117: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9228: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11768: Red Hat Update Infrastructure 5"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21275: Red Hat Update Infrastructure 5"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-13T22:01:38.006Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-13T21:52:19.036Z",
                "value": "Made public."
              }
            ],
            "title": "python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.5rc1",
                  "status": "affected",
                  "version": "3.14.0a1",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0b1",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "an7y"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Seth Larson"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stan Ulbrych"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "type": "text/html",
                  "value": "Mitgation of\u0026nbsp;CVE-2026-4519 was incomplete. If the URL contained \"%action\" the mitigation could be bypassed for certain browser types the \"webbrowser.open()\" API could have commands injected into the underlying shell. See\u0026nbsp;CVE-2026-4519 for details."
                }
              ],
              "value": "Mitgation of\u00a0CVE-2026-4519 was incomplete. If the URL contained \"%action\" the mitigation could be bypassed for certain browser types the \"webbrowser.open()\" API could have commands injected into the underlying shell. See\u00a0CVE-2026-4519 for details."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T19:01:31.611Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/148170"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/148169"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/c5767a72838a8dda9d6dc5d3558075b055c56bca"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/d22922c8a7958353689dc4763dd72da2dea03fff"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/f4654824ae0850ac87227fb270f9057477946769"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/28b4ad38067bbdad34edfcd03ad2de5f06387e53"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/d6d68494be70bdbda20f89f83801ba52ec37daa4"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-4786",
        "datePublished": "2026-04-13T21:52:19.036Z",
        "dateReserved": "2026-03-24T19:25:48.269Z",
        "dateUpdated": "2026-07-06T12:05:01.259Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6100 (GCVE-0-2026-6100)

    Vulnerability from nvd – Published: 2026-04-13 17:15 – Updated: 2026-07-03 12:05
    VLAI
    Title
    Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure
    Summary
    Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    PSF
    References
    URL Tags
    https://github.com/python/cpython/pull/148396 patch
    https://mail.python.org/archives/list/security-an… vendor-advisory
    https://github.com/python/cpython/issues/148395 issue-tracking
    https://github.com/python/cpython/commit/6a5f79c8… patch
    https://github.com/python/cpython/commit/8fc66aef… patch
    https://github.com/python/cpython/commit/c3cf71c3… patch
    https://github.com/python/cpython/commit/47128e64… patch
    https://github.com/python/cpython/commit/e20c6c96… patch
    http://www.openwall.com/lists/oss-security/2026/0…
    https://access.redhat.com/security/cve/CVE-2026-6100 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2457932 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:13812 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16699 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10711 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19064 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19019 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11077 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11062 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10950 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19590 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17619 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19549 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:26187 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19571 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19570 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13692 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21682 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14653 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17525 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19576 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14652 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14656 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10949 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10774 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10745 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19216 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19175 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19177 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19176 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25096 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30078 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30089 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30088 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30087 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10140 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10141 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8822 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8824 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10117 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9228 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11768 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21275 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.14 (python)
    Affected: 3.14.0a1 , < 3.14.5rc1 (python)
    Affected: 3.15.0a1 , < 3.15.0b1 (python)
    Create a notification for this product.
    Red Hat Middleware Containers for OpenShift     cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.4)     cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)     cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.6)     cpe:/a:redhat:rhel_aus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.6)     cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.6)     cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.8)     cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.8)     cpe:/a:redhat:rhel_tus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 8)     cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.4)     cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)     cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.6)     cpe:/o:redhat:rhel_aus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.6)     cpe:/o:redhat:rhel_e4s:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.6)     cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.8)     cpe:/o:redhat:rhel_e4s:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.8)     cpe:/o:redhat:rhel_tus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.0)     cpe:/o:redhat:rhel_e4s:9.0::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.2)     cpe:/o:redhat:rhel_e4s:9.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.4)     cpe:/o:redhat:rhel_eus:9.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.6)     cpe:/o:redhat:rhel_eus:9.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 9)     cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CRB (v. 8)     cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server 3.2     cpe:/a:redhat:ai_inference_server:3.2::el9
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server 3.3     cpe:/a:redhat:ai_inference_server:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI 3.3     cpe:/a:redhat:enterprise_linux_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat Update Infrastructure 5     cpe:/a:redhat:rhui:5::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI (RHEL AI) 3     cpe:/a:redhat:enterprise_linux_ai:3
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Credits
    Ryan Hileman Stan Ulbrych Seth Larson Stan Ulbrych Ryan Hileman
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6100",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-13T19:21:03.412763Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-13T19:21:10.878Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-13T19:29:27.322Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/13/10"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:rhosemc:1.0::el8"
                ],
                "defaultStatus": "affected",
                "product": "Middleware Containers for OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.0::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.2::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CRB (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3.2::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AI Inference Server 3.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AI Inference Server 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AI 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhui:5::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Update Infrastructure 5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-13T17:15:47.606Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Python\u0027s decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-825",
                    "description": "Expired Pointer Dereference",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T12:05:13.620Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-6100"
              },
              {
                "name": "RHBZ#2457932",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6100.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13812"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16699"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10711"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19064"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19019"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11077"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11062"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10950"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19590"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17619"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19549"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26187"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19571"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19570"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13692"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21682"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14653"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17525"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19576"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14652"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14656"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10949"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10774"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10745"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19216"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19175"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19177"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19176"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25096"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30078"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30089"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30088"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30087"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10140"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10141"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8822"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8824"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10117"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9228"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11768"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21275"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:13812: Middleware Containers for OpenShift"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16699: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10711: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19064: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19019: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11077: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux BaseOS (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11062: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10950: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19590: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4), Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17619: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6), Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19549: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8), Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26187: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19571: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19570: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13692: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21682: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14653: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17525: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19576: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14652: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14656: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10949: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10774: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10745: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19216: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19175: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19177: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19176: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25096: Red Hat AI Inference Server 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30078: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30089: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30088: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30087: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10140: Red Hat Enterprise Linux AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10141: Red Hat Enterprise Linux AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8822: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8824: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10117: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9228: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11768: Red Hat Update Infrastructure 5"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21275: Red Hat Update Infrastructure 5"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-13T18:01:31.970Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-13T17:15:47.606Z",
                "value": "Made public."
              }
            ],
            "title": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.5rc1",
                  "status": "affected",
                  "version": "3.14.0a1",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0b1",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Ryan Hileman"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stan Ulbrych"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Seth Larson"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Stan Ulbrych"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Ryan Hileman"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.\u003cbr\u003e\u003cbr\u003eThe vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable."
                }
              ],
              "value": "Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.\n\nThe vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T18:58:01.371Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/148396"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/148395"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/47128e64f98c3a20271138a98c2922bea2a3ee0e"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/e20c6c9667c99ecaab96e1a2b3767082841ffc8b"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure",
          "x_generator": {
            "engine": "Vulnogram 0.6.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-6100",
        "datePublished": "2026-04-13T17:15:47.606Z",
        "dateReserved": "2026-04-10T21:13:45.428Z",
        "dateUpdated": "2026-07-03T12:05:13.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3446 (GCVE-0-2026-3446)

    Vulnerability from nvd – Published: 2026-04-10 18:17 – Updated: 2026-04-13 16:07
    VLAI
    Title
    Base64 decoding stops at first padded quad by default
    Summary
    When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted which may be processed differently by other implementations. Use "validate=True" to enable stricter processing of base64 data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-345 - Insufficient Verification of Data Authenticity
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.13 (python)
    Affected: 3.14.0 , < 3.14.4 (python)
    Affected: 3.15.0a1 , < 3.15.0a8 (python)
    Create a notification for this product.
    Credits
    Serhiy Storchaka
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3446",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-13T16:06:04.489473Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-345",
                    "description": "CWE-345 Insufficient Verification of Data Authenticity",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-13T16:07:24.229Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "base64"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.4",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0a8",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Serhiy Storchaka"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted which may be processed differently by other implementations. Use \"validate=True\" to enable stricter processing of base64 data."
                }
              ],
              "value": "When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted which may be processed differently by other implementations. Use \"validate=True\" to enable stricter processing of base64 data."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T18:26:41.904Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/145267"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/145264"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/F5ZT5ICGJ6CKXVUJ34YBVY7WOZ5SHG53/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/1f9958f909c1b41a4ffc0b613ef8ec8fa5e7c474"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/4561f6418a691b3e89aef0901f53fe0dfb7f7c0e"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/e31c55121620189a0d1a07b689762d8ca9c1b7fa"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Base64 decoding stops at first padded quad by default",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-3446",
        "datePublished": "2026-04-10T18:17:35.045Z",
        "dateReserved": "2026-03-02T16:15:14.567Z",
        "dateUpdated": "2026-04-13T16:07:24.229Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1502 (GCVE-0-2026-1502)

    Vulnerability from nvd – Published: 2026-04-10 17:54 – Updated: 2026-06-30 15:12
    VLAI
    Title
    HTTP client proxy tunnel headers not validated for CR/LF
    Summary
    CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.14 (python)
    Affected: 3.14.0a1 , < 3.14.5rc1 (python)
    Affected: 3.15.0a1 , < 3.15.0b1 (python)
    Create a notification for this product.
    Credits
    senseicat Seth Larson
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-11T04:39:26.099Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/11/4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1502",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-13T16:08:30.380828Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-93",
                    "description": "CWE-93 Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-10T20:05:37.267Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "http.client",
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.5rc1",
                  "status": "affected",
                  "version": "3.14.0a1",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0b1",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "senseicat"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Seth Larson"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "type": "text/html",
                  "value": "CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host."
                }
              ],
              "value": "CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T15:12:43.900Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/146212"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/146211"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/b1cf9016335cb637c5a425032e8274a224f4b2ed"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/9e071c9b28c17f347f81b388a003d4eeb3c7a8dd"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/c00c386faa579ad71196d33408644478488e43ec"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/56b7100b04e44ea27989242b176beb8f016b2c53"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/58703ec1bdd1eb075e8b01a0c427683ce594dd3e"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HTTP client proxy tunnel headers not validated for CR/LF",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-1502",
        "datePublished": "2026-04-10T17:54:44.121Z",
        "dateReserved": "2026-01-27T19:10:37.711Z",
        "dateUpdated": "2026-06-30T15:12:43.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5271 (GCVE-0-2026-5271)

    Vulnerability from nvd – Published: 2026-04-01 13:48 – Updated: 2026-04-01 23:12
    VLAI
    Title
    Possible to hijack modules in current working directory
    Summary
    pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory. As a result, if a user executes a pymanager-generated command (e.g., pip, pytest) from an attacker-controlled directory, a malicious module in that directory can be imported and executed instead of the intended package.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation pymanager Affected: 26.0 , < 26.1 (python)
    Create a notification for this product.
    Credits
    Steve Dower LAKSHMIKANTHAN K
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5271",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T17:58:52.079116Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-427",
                    "description": "CWE-427 Uncontrolled Search Path Element",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T17:58:58.338Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/python/pymanager/security/advisories/GHSA-jr5x-hgm4-rrm6"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-01T23:12:18.741Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/01/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "pymanager",
              "repo": "https://github.com/python/pymanager",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "26.1",
                  "status": "affected",
                  "version": "26.0",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Steve Dower"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "LAKSHMIKANTHAN K"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory.\u0026nbsp;As a result, if a user executes a pymanager-generated command (e.g., \u003ccode\u003epip\u003c/code\u003e, \u003ccode\u003epytest\u003c/code\u003e)\n from an attacker-controlled directory, a malicious module in that \ndirectory can be imported and executed instead of the intended package."
                }
              ],
              "value": "pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory.\u00a0As a result, if a user executes a pymanager-generated command (e.g., pip, pytest)\n from an attacker-controlled directory, a malicious module in that \ndirectory can be imported and executed instead of the intended package."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T15:38:55.523Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/python/pymanager/security/advisories/GHSA-jr5x-hgm4-rrm6"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible to hijack modules in current working directory",
          "x_generator": {
            "engine": "Vulnogram 0.6.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-5271",
        "datePublished": "2026-04-01T13:48:07.534Z",
        "dateReserved": "2026-03-31T20:02:35.393Z",
        "dateUpdated": "2026-04-01T23:12:18.741Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4519 (GCVE-0-2026-4519)

    Vulnerability from nvd – Published: 2026-03-20 15:08 – Updated: 2026-06-30 12:10
    VLAI
    Title
    webbrowser.open() allows leading dashes in URLs
    Summary
    The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
    Assigner
    PSF
    References
    URL Tags
    https://github.com/python/cpython/pull/143931 patch
    https://github.com/python/cpython/issues/143930 issue-tracking
    https://mail.python.org/archives/list/security-an… vendor-advisory
    https://github.com/python/cpython/commit/43fe06b9… patch
    https://github.com/python/cpython/commit/82a24a44… patch
    https://github.com/python/cpython/commit/9669a912… patch
    https://github.com/python/cpython/commit/ad4d5ba3… patch
    https://github.com/python/cpython/commit/ceac1efc… patch
    https://github.com/python/cpython/commit/cbba6119… patch
    https://github.com/python/cpython/commit/3681d47a… patch
    https://github.com/python/cpython/commit/591ed890… patch
    https://github.com/python/cpython/commit/594b5a05… patch
    https://github.com/python/cpython/commit/89bfb8e5… patch
    https://github.com/python/cpython/commit/96fc5048… patch
    https://github.com/python/cpython/commit/cc023511… patch
    http://www.openwall.com/lists/oss-security/2026/03/20/1
    https://access.redhat.com/security/cve/CVE-2026-4519 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2449649 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:10102 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9614 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9745 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13812 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7244 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6256 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19064 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19019 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6473 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6281 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6283 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9387 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9621 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9386 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9289 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9591 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9261 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9262 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9260 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10101 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9042 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10111 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9354 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9705 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7010 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6766 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6286 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6285 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19216 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19175 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19177 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19176 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25096 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7335 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19724 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19725 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16008 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8748 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8746 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16030 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8747 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16009 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16174 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7329 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10140 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10141 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6016 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6035 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7443 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7661 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21275 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10065 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.13 (python)
    Affected: 3.14.0 , < 3.14.4 (python)
    Affected: 3.15.0a1 , < 3.15.0a8 (python)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION)     cpe:/o:redhat:rhel_els:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)     cpe:/o:redhat:rhel_els:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server Optional (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Middleware Containers for OpenShift     cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v. 8.2)     cpe:/a:redhat:rhel_aus:8.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.4)     cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)     cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.6)     cpe:/a:redhat:rhel_aus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.6)     cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.6)     cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.8)     cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.8)     cpe:/a:redhat:rhel_tus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 8)     cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v. 8.2)     cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.4)     cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)     cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.6)     cpe:/o:redhat:rhel_aus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.6)     cpe:/o:redhat:rhel_e4s:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.6)     cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.8)     cpe:/o:redhat:rhel_e4s:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.8)     cpe:/o:redhat:rhel_tus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.0)     cpe:/o:redhat:rhel_e4s:9.0::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.2)     cpe:/o:redhat:rhel_e4s:9.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.4)     cpe:/o:redhat:rhel_eus:9.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.6)     cpe:/o:redhat:rhel_eus:9.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 9)     cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CRB (v. 8)     cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server 3.2     cpe:/a:redhat:ai_inference_server:3.2::el9
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server 3.3     cpe:/a:redhat:ai_inference_server:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Discovery 2     cpe:/a:redhat:discovery:2::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI 3.3     cpe:/a:redhat:enterprise_linux_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat Update Infrastructure 5     cpe:/a:redhat:rhui:5::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Credits
    Seth Larson Gregory P. Smith an7y
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-03-20T20:07:08.244Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/20/1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4519",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-25T14:30:47.809505Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-25T14:31:16.543Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhosemc:1.0::el8"
                ],
                "defaultStatus": "affected",
                "product": "Middleware Containers for OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.2::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.0::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.2::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CRB (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3.2::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AI Inference Server 3.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AI Inference Server 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:discovery:2::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Discovery 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AI 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhui:5::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Update Infrastructure 5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-20T15:08:32.576Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Python. The `webbrowser.open()` API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options, which could lead to unexpected behavior, information disclosure, or potentially arbitrary code execution, impacting the integrity of the system."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-88",
                    "description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:10:40.969Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-4519"
              },
              {
                "name": "RHBZ#2449649",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449649"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4519.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10102"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9614"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9745"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13812"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7244"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6256"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19064"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19019"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6473"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6281"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6283"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9387"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9621"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9386"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9289"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9591"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9261"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9262"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9260"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10101"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9042"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10111"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9354"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9705"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7010"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6766"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6286"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6285"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19216"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19175"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19177"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19176"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25096"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7335"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19724"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19725"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16008"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8748"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8746"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16030"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8747"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16009"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16174"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7329"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10140"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10141"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6016"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6035"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7443"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7661"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21275"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10065"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:10102: Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION), Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9614: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9745: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13812: Middleware Containers for OpenShift"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7244: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6256: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19064: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19019: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6473: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux BaseOS (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6281: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6283: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9387: Red Hat Enterprise Linux AppStream AUS (v. 8.2), Red Hat Enterprise Linux BaseOS AUS (v. 8.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9621: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4), Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9386: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6), Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9289: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8), Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9591: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9261: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9262: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9260: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10101: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9042: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10111: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9354: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9705: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7010: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6766: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6286: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6285: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19216: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19175: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19177: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19176: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25096: Red Hat AI Inference Server 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7335: Red Hat AI Inference Server 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19724: Red Hat AI Inference Server 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19725: Red Hat AI Inference Server 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16008: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8748: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8746: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16030: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8747: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16009: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16174: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7329: Red Hat Discovery 2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10140: Red Hat Enterprise Linux AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10141: Red Hat Enterprise Linux AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6016: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6035: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7443: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7661: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21275: Red Hat Update Infrastructure 5"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10065: Red Hat Update Infrastructure 5"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-20T16:02:13.494Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-20T15:08:32.576Z",
                "value": "Made public."
              }
            ],
            "title": "python: Python: Command-line option injection in webbrowser.open() via crafted URLs",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "webbrowser"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.4",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0a8",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Seth Larson"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Gregory P. Smith"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "an7y"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The webbrowser.open() API would accept leading dashes in the URL which \ncould be handled as command line options for certain web browsers. New \nbehavior rejects leading dashes. Users are recommended to sanitize URLs \nprior to passing to webbrowser.open()."
                }
              ],
              "value": "The webbrowser.open() API would accept leading dashes in the URL which \ncould be handled as command line options for certain web browsers. New \nbehavior rejects leading dashes. Users are recommended to sanitize URLs \nprior to passing to webbrowser.open()."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-13T21:47:40.137Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/143931"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/143930"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/9669a912a0e329c094e992204d6bdb8787024d76"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/ceac1efc66516ac387eef2c9a0ce671895b44f03"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/3681d47a440865aead912a054d4599087b4270dd"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/591ed890270c5697b013bf637029fb3e6cd2d73e"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/594b5a05dc9913880ac92eded440defbf32a28d1"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/89bfb8e5ed3c7caa241028f1a4eac5f6275a46a4"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/96fc5048605863c7b6fd6289643feb0e97edd96c"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/cc023511238ad93ecc8796157c6f9139a2bb2932"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "webbrowser.open() allows leading dashes in URLs",
          "x_generator": {
            "engine": "Vulnogram 0.6.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-4519",
        "datePublished": "2026-03-20T15:08:32.576Z",
        "dateReserved": "2026-03-20T15:01:11.126Z",
        "dateUpdated": "2026-06-30T12:10:40.969Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3479 (GCVE-0-2026-3479)

    Vulnerability from nvd – Published: 2026-03-18 18:13 – Updated: 2026-04-07 22:01 Disputed
    VLAI
    Title
    pkgutil.get_data() does not enforce documented restrictions
    Summary
    DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.13 (python)
    Affected: 3.14.0 , < 3.14.4 (python)
    Affected: 3.15.0a1 , < 3.15.0a8 (python)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3479",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-18T18:50:20.603616Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-18T18:50:41.609Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "pkgutil"
              ],
              "product": "CPython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.4",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0a8",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model.\u003c/p\u003e\u003cp\u003epkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.\u003c/p\u003e"
                }
              ],
              "value": "DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model.\n\npkgutil.get_data() did not validate the resource argument as documented, allowing path traversals."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "PHYSICAL",
                "baseScore": 0,
                "baseSeverity": "NONE",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T22:01:35.724Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/146122"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/WYLLVQOOCKGK73JM7Z7ZSNOJC4N7BAWY/"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/146121"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/bcdf231946b1da8bdfbab4c05539bb0cc964a1c7"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/5af6ce3e7b643a30a02d22245c1e3f4a8bc0a1fe"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/cf59bf76470f3d75ad47d80ffb8ce76b64b5e943"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/d786d59a8f7196bb630100a869f28ad13436b59c"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "tags": [
            "disputed"
          ],
          "title": "pkgutil.get_data() does not enforce documented restrictions",
          "x_generator": {
            "engine": "Vulnogram 0.6.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-3479",
        "datePublished": "2026-03-18T18:13:42.288Z",
        "dateReserved": "2026-03-03T14:18:35.394Z",
        "dateUpdated": "2026-04-07T22:01:35.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4224 (GCVE-0-2026-4224)

    Vulnerability from nvd – Published: 2026-03-16 17:52 – Updated: 2026-04-08 12:55
    VLAI
    Title
    Stack overflow parsing XML with deeply nested DTD content models
    Summary
    When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.13 (python)
    Affected: 3.14.0 , < 3.14.4 (python)
    Affected: 3.15.0a1 , < 3.15.0a8 (python)
    Create a notification for this product.
    Credits
    Gil Portnoy Stan Ulbrych Bénédikt Tran Stan Ulbrych
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4224",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T18:20:48.548008Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-674",
                    "description": "CWE-674 Uncontrolled Recursion",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T18:21:11.567Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-03-16T23:08:21.692Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/16/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.4",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0a8",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Gil Portnoy"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stan Ulbrych"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "B\u00e9n\u00e9dikt Tran"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Stan Ulbrych"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When an Expat parser with a registered ElementDeclHandler parses an inline\ndocument type definition containing a deeply nested content model a C stack\noverflow occurs."
                }
              ],
              "value": "When an Expat parser with a registered ElementDeclHandler parses an inline\ndocument type definition containing a deeply nested content model a C stack\noverflow occurs."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T12:55:03.693Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/145986"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/145987"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/642865ddf4b232da1f3b1f7abcfa3254c4bfe785"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/af856a7177326ac25d9f66cc6dd28b554d914fee"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stack overflow parsing XML with deeply nested DTD content models",
          "x_generator": {
            "engine": "Vulnogram 0.6.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-4224",
        "datePublished": "2026-03-16T17:52:26.639Z",
        "dateReserved": "2026-03-15T18:10:54.886Z",
        "dateUpdated": "2026-04-08T12:55:03.693Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3644 (GCVE-0-2026-3644)

    Vulnerability from nvd – Published: 2026-03-16 17:37 – Updated: 2026-06-30 15:11
    VLAI
    Title
    Incomplete control character validation in http.cookies
    Summary
    The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    • CWE-116 - Improper Encoding or Escaping of Output
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.13 (python)
    Affected: 3.14.0 , < 3.14.4 (python)
    Affected: 3.15.0a1 , < 3.15.0a8 (python)
    Create a notification for this product.
    Credits
    Stan Ulbrych Stan Ulbrych Victor Stinner Seth Larson Vyom Yadav
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3644",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T18:25:27.051552Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-116",
                    "description": "CWE-116 Improper Encoding or Escaping of Output",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T18:25:55.021Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "http.cookies"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.4",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0a8",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Stan Ulbrych"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stan Ulbrych"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Victor Stinner"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Seth Larson"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "Vyom Yadav"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output()."
                }
              ],
              "value": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output()."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T15:11:21.792Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/145599"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/145600"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/62ceb396fcbe69da1ded3702de586f4072b590dd"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/d16ecc6c3626f0e2cc8f08c309c83934e8a979dd"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/556aa098e738b127c714866f819b4abe2f7593d8"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/dae4b1a21f8df4570e30986affd61bbe4ade4cef"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Incomplete control character validation in http.cookies",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-3644",
        "datePublished": "2026-03-16T17:37:31.344Z",
        "dateReserved": "2026-03-06T16:13:09.289Z",
        "dateUpdated": "2026-06-30T15:11:21.792Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13462 (GCVE-0-2025-13462)

    Vulnerability from nvd – Published: 2026-03-12 17:59 – Updated: 2026-06-04 14:02
    VLAI
    Title
    tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling
    Summary
    The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    • CWE-20 - Improper Input Validation
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.13 (python)
    Affected: 3.14.0 , < 3.14.4 (python)
    Affected: 3.15.0a1 , < 3.15.0a8 (python)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13462",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-12T19:09:23.808172Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-434",
                    "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-74",
                    "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-12T19:09:51.230Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "tarfile"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.4",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0a8",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The \"tarfile\" module would still apply normalization of AREGTYPE (\\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations."
                }
              ],
              "value": "The \"tarfile\" module would still apply normalization of AREGTYPE (\\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-04T14:02:48.304Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/143934"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/141707"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/EOMI5I66ZMKQ2INNFT6T7IAIKUGPZYIE/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/42d754e34c06e57ad6b8e7f92f32af679912d8ab"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/7ad3093d76a748af55bdb1d2e8aad3638163b017"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/ae99fe3a33b43e303a05f012815cef60b611a9c7"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/72dde1016493c52abe857fc4a7bf6c40138b4114"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/9a23b753552afa28e3a2f4d8863572fc66479406"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/d10950739a78f54d0718d88fb5a868374603c084"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2025-13462",
        "datePublished": "2026-03-12T17:59:26.620Z",
        "dateReserved": "2025-11-19T22:05:07.578Z",
        "dateUpdated": "2026-06-04T14:02:48.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2297 (GCVE-0-2026-2297)

    Vulnerability from nvd – Published: 2026-03-04 22:10 – Updated: 2026-05-01 15:13
    VLAI
    Title
    SourcelessFileLoader does not use io.open_code()
    Summary
    The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-668 - Exposure of Resource to Wrong Sphere
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.13 (python)
    Affected: 3.14.0 , < 3.14.4 (python)
    Affected: 3.15.0a1 , < 3.15.0a7 (python)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-03-05T18:35:25.713Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/05/6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2297",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-12T14:58:41.472003Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-668",
                    "description": "CWE-668 Exposure of Resource to Wrong Sphere",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-12T14:58:46.051Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.4",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0a7",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The import hook in CPython that handles legacy \u003ccode\u003e*.pyc\u003c/code\u003e files (\u003ccode\u003eSourcelessFileLoader\u003c/code\u003e) is incorrectly handled in \u003ccode\u003eFileLoader\u003c/code\u003e (a base class) and so does not use \u003ccode\u003eio.open_code()\u003c/code\u003e to read the \u003ccode\u003e.pyc\u003c/code\u003e files. sys.audit handlers for this audit event therefore do not fire."
                }
              ],
              "value": "The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-01T15:13:05.340Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/145506"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/145507"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/69ddd9bb2cc4bd69b1565647c18659c6a789ccd9"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/876858c9f65d9ab656c7fa639f268ce7856d89dd"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SourcelessFileLoader does not use io.open_code()",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-2297",
        "datePublished": "2026-03-04T22:10:43.297Z",
        "dateReserved": "2026-02-10T16:26:08.298Z",
        "dateUpdated": "2026-05-01T15:13:05.340Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1299 (GCVE-0-2026-1299)

    Vulnerability from nvd – Published: 2026-01-23 16:27 – Updated: 2026-03-03 14:43
    VLAI
    Title
    email BytesGenerator header injection due to unquoted newlines
    Summary
    The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in "BytesGenerator".
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.10.20 (python)
    Affected: 3.11.0 , < 3.11.15 (python)
    Affected: 3.12.0 , < 3.12.13 (python)
    Affected: 3.13.0 , < 3.13.12 (python)
    Affected: 3.14.0 , < 3.14.3 (python)
    Affected: 3.15.0a1 , < 3.15.0a6 (python)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1299",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-23T16:55:59.722632Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-23T16:56:22.155Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "email"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.10.20",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.11.15",
                  "status": "affected",
                  "version": "3.11.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.12.13",
                  "status": "affected",
                  "version": "3.12.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.13.12",
                  "status": "affected",
                  "version": "3.13.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.3",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0a6",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The \nemail module, specifically the \"BytesGenerator\" class, didn\u2019t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized. This is only applicable if using \"LiteralHeader\" writing headers that don\u0027t respect email folding rules, the new behavior will reject the incorrectly folded headers in \"BytesGenerator\"."
                }
              ],
              "value": "The \nemail module, specifically the \"BytesGenerator\" class, didn\u2019t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized. This is only applicable if using \"LiteralHeader\" writing headers that don\u0027t respect email folding rules, the new behavior will reject the incorrectly folded headers in \"BytesGenerator\"."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-93",
                  "description": "CWE-93",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-03T14:43:35.655Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/144126"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/144125"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://cve.org/CVERecord?id=CVE-2024-6923"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/0a925ab591c45d6638f37b5e57796f36fa0e56d8"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/7877fe424415bc4a13045e62a90a7277413d8cb9"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/842ce19a0c0b58d61591e8f6a708c38db1fb94e4"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/8cdf6204f4ae821f32993f8fc6bad0d318f95f36"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/e417f05ad77a4c30ddc07f99e90fc0cef43e831a"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "email BytesGenerator header injection due to unquoted newlines",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-1299",
        "datePublished": "2026-01-23T16:27:13.346Z",
        "dateReserved": "2026-01-21T18:30:52.594Z",
        "dateUpdated": "2026-03-03T14:43:35.655Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12781 (GCVE-0-2025-12781)

    Vulnerability from nvd – Published: 2026-01-21 19:34 – Updated: 2026-01-22 20:12
    VLAI
    Title
    base64.b64decode() always accepts "+/" characters, despite setting altchars
    Summary
    When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues. This behavior can only be insecure if your application uses an alternate base64 alphabet (without "+/"). If your application does not use the "altchars" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet. The attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python. Users are recommended to mitigate by verifying user-controlled inputs match the base64 alphabet they are expecting or verify that their application would not be affected if the b64decode() functions accepted "+" or "/" outside of altchars.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-704 - Incorrect Type Conversion or Cast
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.10 (python)
    Affected: 3.14.0 , < 3.14.1 (python)
    Affected: 3.15.0a1 , < 3.15.0a2 (python)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12781",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-22T14:53:47.177224Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-704",
                    "description": "CWE-704 Incorrect Type Conversion or Cast",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-22T14:53:50.663Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "base64"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.1",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0a2",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eWhen passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the \"base64\" module the characters \"+/\" will always be accepted, regardless of the value of \"altchars\" parameter, typically used to establish an \"alternative base64 alphabet\" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis behavior can only be insecure if your application uses an alternate base64 alphabet (without \"+/\"). If your application does not use the \"altchars\" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThe attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python.\u0026nbsp;Users are recommended to mitigate by verifying user-controlled inputs match the base64 \nalphabet they are expecting or verify that their application would not be \naffected if the b64decode() functions accepted \"+\" or \"/\" outside of altchars.\u003c/div\u003e"
                }
              ],
              "value": "When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the \"base64\" module the characters \"+/\" will always be accepted, regardless of the value of \"altchars\" parameter, typically used to establish an \"alternative base64 alphabet\" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues.\n\n\n\n\nThis behavior can only be insecure if your application uses an alternate base64 alphabet (without \"+/\"). If your application does not use the \"altchars\" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet.\n\n\n\n\nThe attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python.\u00a0Users are recommended to mitigate by verifying user-controlled inputs match the base64 \nalphabet they are expecting or verify that their application would not be \naffected if the b64decode() functions accepted \"+\" or \"/\" outside of altchars."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-22T20:12:56.421Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/141128"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/125346"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/KRI7GC6S27YV5NJ4FPDALS2WI5ENAFJ6/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/13360efd385d1a7d0659beba03787ea3d063ef9b"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/1be80bec7960f5ccd059e75f3dfbd45fca302947"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/9060b4abbe475591b6230b23c2afefeff26fcca5"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/e95e783dff443b68e8179fdb57737025bf02ba76"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/fd17ee026fa9b67f6288cbafe374a3e479fe03a5"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "base64.b64decode() always accepts \"+/\" characters, despite setting altchars",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2025-12781",
        "datePublished": "2026-01-21T19:34:47.979Z",
        "dateReserved": "2025-11-05T22:04:54.230Z",
        "dateUpdated": "2026-01-22T20:12:56.421Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0865 (GCVE-0-2026-0865)

    Vulnerability from nvd – Published: 2026-01-20 21:26 – Updated: 2026-03-03 14:43
    VLAI
    Title
    wsgiref.headers.Headers allows header newline injection
    Summary
    User-controlled header names and values containing newlines can allow injecting HTTP headers.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.10.20 (python)
    Affected: 3.11.0 , < 3.11.15 (python)
    Affected: 3.12.0 , < 3.12.13 (python)
    Affected: 3.13.0 , < 3.13.12 (python)
    Affected: 3.14.0 , < 3.14.3 (python)
    Affected: 3.15.0a1 , < 3.15.0a6 (python)
    Create a notification for this product.
    Credits
    Omar M. Hasan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0865",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-21T15:40:22.223517Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-21T16:14:52.038Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.10.20",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.11.15",
                  "status": "affected",
                  "version": "3.11.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.12.13",
                  "status": "affected",
                  "version": "3.12.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.13.12",
                  "status": "affected",
                  "version": "3.13.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.3",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0a6",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Omar M. Hasan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "User-controlled header names and values containing newlines can allow injecting HTTP headers."
                }
              ],
              "value": "User-controlled header names and values containing newlines can allow injecting HTTP headers."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-03T14:43:30.596Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/143917"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/143916"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/22e4d55285cee52bc4dbe061324e5f30bd4dee58"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/23e3c0ae867cca0130e441e776c9955b9027c510"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/f7fceed79ca1bceae8dbe5ba5bc8928564da7211"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/83ecd18779f286d872f68bfce175651e407d9fff"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/bfba660085767f8c2d582134e9d511a85eda04cf"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/286e3ac39984fe85a17f4ab39c64d382137aae5f"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/8bb044d29310bb05d15086cdaa8bf64867d61a97"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/c592227ffb48679af9845a45dbb0875d975bb219"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "wsgiref.headers.Headers allows header newline injection",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-0865",
        "datePublished": "2026-01-20T21:26:15.274Z",
        "dateReserved": "2026-01-12T16:07:56.781Z",
        "dateUpdated": "2026-03-03T14:43:30.596Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0672 (GCVE-0-2026-0672)

    Vulnerability from nvd – Published: 2026-01-20 21:52 – Updated: 2026-03-03 14:43
    VLAI
    Title
    Header injection in http.cookies.Morsel
    Summary
    When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.10.20 (python)
    Affected: 3.11.0 , < 3.11.15 (python)
    Affected: 3.12.0 , < 3.12.13 (python)
    Affected: 3.13.0 , < 3.13.12 (python)
    Affected: 3.14.0 , < 3.14.3 (python)
    Affected: 3.15.0a1 , < 3.15.0a6 (python)
    Create a notification for this product.
    Credits
    Omar M. Hasan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0672",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-21T15:40:11.672802Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-21T16:14:06.341Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "http.cookies"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.10.20",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.11.15",
                  "status": "affected",
                  "version": "3.11.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.12.13",
                  "status": "affected",
                  "version": "3.12.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.13.12",
                  "status": "affected",
                  "version": "3.13.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.3",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0a6",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Omar M. Hasan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters."
                }
              ],
              "value": "When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-93",
                  "description": "CWE-93",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-03T14:43:20.490Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/143920"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/143919"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/712452e6f1d4b9f7f8c4c92ebfcaac1705faa440"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/62700107418eb2cca3fc88da036a243ea975f172"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Header injection in http.cookies.Morsel",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-0672",
        "datePublished": "2026-01-20T21:52:33.925Z",
        "dateReserved": "2026-01-07T17:08:45.326Z",
        "dateUpdated": "2026-03-03T14:43:20.490Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15367 (GCVE-0-2025-15367)

    Vulnerability from nvd – Published: 2026-01-20 21:47 – Updated: 2026-02-26 14:44
    VLAI
    Title
    POP3 command injection in user-controlled commands
    Summary
    The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.15.0a6 (python)
    Create a notification for this product.
    Credits
    Omar M. Hasan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15367",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-22T04:55:33.480214Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:41.341Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "poplib"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.15.0a6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Omar M. Hasan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The poplib module, when passed a user-controlled command, can have\nadditional commands injected using newlines. Mitigation rejects commands\ncontaining control characters."
                }
              ],
              "value": "The poplib module, when passed a user-controlled command, can have\nadditional commands injected using newlines. Mitigation rejects commands\ncontaining control characters."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-11T16:12:35.845Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/143924"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/143923"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/CBFBOWVGGUJFSGITQCCBZS4GEYYZ7ZNE/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/b234a2b67539f787e191d2ef19a7cbdce32874e7"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "POP3 command injection in user-controlled commands",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2025-15367",
        "datePublished": "2026-01-20T21:47:09.885Z",
        "dateReserved": "2025-12-30T16:06:42.288Z",
        "dateUpdated": "2026-02-26T14:44:41.341Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }