Search

Find a vulnerability

Search criteria

    71 vulnerabilities

    CVE-2026-15308 (GCVE-0-2026-15308)

    Vulnerability from cvelistv5 – Published: 2026-07-09 17:10 – Updated: 2026-07-09 19:32
    VLAI
    Title
    Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations
    Summary
    The incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.15.0 (python)
    Create a notification for this product.
    Credits
    Edward-x (https://github.com/YLChen-007) Serhiy Storchaka (https://github.com/serhiy-storchaka) Gregory P. Smith (https://github.com/gpshead) Seth Larson (https://github.com/sethmlarson)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15308",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T17:31:19.781935Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T17:31:27.360Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:32:36.790Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/07/09/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "html.parser",
                "html"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.15.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Edward-x (https://github.com/YLChen-007)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Serhiy Storchaka (https://github.com/serhiy-storchaka)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Gregory P. Smith (https://github.com/gpshead)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Seth Larson (https://github.com/sethmlarson)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The incremental HTML parser (html.parser.HTMLParser) allows for CPU\ndenial-of-service through repeated unterminated markup declarations when\nprocessing uncontrolled data."
                }
              ],
              "value": "The incremental HTML parser (html.parser.HTMLParser) allows for CPU\ndenial-of-service through repeated unterminated markup declarations when\nprocessing uncontrolled data."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:00:03.303Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/F6453LWKSHKCTWFLCOURWPLETNUIW2Z5/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/153031"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/153030"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/07efb08123ba9367a7107325adb9d5626dca1ca9"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/7933f4bf7131aa4140750f9404f5de0aa2969ced"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/bcf98ddbc40ec9b3ee87da0124a5660b19b7e606"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/e9f92ac0b298292e7ff998e52cb8ccacfb27a0bd"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-15308",
        "datePublished": "2026-07-09T17:10:57.317Z",
        "dateReserved": "2026-07-09T17:04:11.926Z",
        "dateUpdated": "2026-07-09T19:32:36.790Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4360 (GCVE-0-2026-4360)

    Vulnerability from cvelistv5 – Published: 2026-06-30 14:45 – Updated: 2026-07-07 17:01
    VLAI
    Title
    Tarfile.extract() doesn't fully respect filter parameter
    Summary
    In the Tarfile.extract() function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract() function.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.15.0 (python)
    Create a notification for this product.
    Credits
    Michael Scovetta (https://github.com/scovetta) Seth Larson (https://github.com/sethmlarson) Petr Viktorin (https://github.com/encukou)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4360",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T15:28:24.835246Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T15:28:30.201Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "tarfile"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.15.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Michael Scovetta (https://github.com/scovetta)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Seth Larson (https://github.com/sethmlarson)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Petr Viktorin (https://github.com/encukou)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "type": "text/html",
                  "value": "In the Tarfile.extract() function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter=\u0027data\u0027 to the extract() function."
                }
              ],
              "value": "In the Tarfile.extract() function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter=\u0027data\u0027 to the extract() function."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-281",
                  "description": "CWE-281",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T17:01:15.080Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/TWZW2PC2AZOV6FENIHFSRC63OM7MBGSB/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/151988"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/151987"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/5e0ef3f1afe892e4f64eb83368db57ac4c40cba0"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/7b57e8d51446297b8c7c482d224bc5f1938e4301"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/7ccdbaba2c54250a70d7f25632152df7655a5e0a"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/eee3ddf0ca10283cc7fea724aae9cd8665f8d15e"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/d2b2f5eacab4dd48446b63340613b05dcbbf0b44"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Tarfile.extract() doesn\u0027t fully respect filter parameter",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-4360",
        "datePublished": "2026-06-30T14:45:35.601Z",
        "dateReserved": "2026-03-17T19:25:46.527Z",
        "dateUpdated": "2026-07-07T17:01:15.080Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11972 (GCVE-0-2026-11972)

    Vulnerability from cvelistv5 – Published: 2026-06-23 22:02 – Updated: 2026-06-30 15:13
    VLAI
    Title
    tarfile opened in streaming mode mishandles EOF
    Summary
    When using the "tarfile" module with a file opened in "streaming mode" (mode="r|") the tarfile module did not properly handle EOF, making archive parsing take exponentially longer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.15.0 (python)
    Create a notification for this product.
    Credits
    Ryan Hileman (https://github.com/lunixbochs) Petr Viktorin (https://github.com/encukou) Stan Ulbrych (https://github.com/StanFromIreland)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11972",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-24T15:33:49.665045Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T15:34:06.959Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "tarfile"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.15.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Ryan Hileman (https://github.com/lunixbochs)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Petr Viktorin (https://github.com/encukou)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Stan Ulbrych (https://github.com/StanFromIreland)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "type": "text/html",
                  "value": "When using the \"tarfile\" module with a file opened in \"streaming mode\" (mode=\"r|\") the tarfile module did not properly handle EOF, making archive parsing take exponentially longer."
                }
              ],
              "value": "When using the \"tarfile\" module with a file opened in \"streaming mode\" (mode=\"r|\") the tarfile module did not properly handle EOF, making archive parsing take exponentially longer."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-252",
                  "description": "CWE-252",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-606",
                  "description": "CWE-606",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T15:13:21.383Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/151981"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/151982"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/AXPSKKTSRKXTTJULW3XSIC74WZNAAPPB/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/3f031d431f80668e14f3bc066bbf4369cd9281b9"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/4ce6bf7c8aa7725828a38981c306f214c1f29365"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/7f0dc59c9a70f8f3b4da33d7c4a2ba552a7acc21"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/e86666c9dd256d52d0fbef6feb1ea4a51768fdec"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/eb63c0f94dfcbea7fda8eab6213818e134d67192"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/f50bf13566189c8d0ce5a814f33eff3d89951896"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "tarfile opened in streaming mode mishandles EOF",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-11972",
        "datePublished": "2026-06-23T22:02:45.434Z",
        "dateReserved": "2026-06-11T11:35:05.520Z",
        "dateUpdated": "2026-06-30T15:13:21.383Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0864 (GCVE-0-2026-0864)

    Vulnerability from cvelistv5 – Published: 2026-06-23 17:42 – Updated: 2026-06-24 12:55
    VLAI
    Title
    Configuration Injection via Carriage Return (\r) in write() method
    Summary
    When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the resulting file could be injected with unexpected keys and values if the attacker controls the written value.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.15.0 (python)
    Create a notification for this product.
    Credits
    D0n9 (https://github.com/D0n9) Petr Viktorin (https://github.com/encukou) Seth Larson (https://github.com/sethmlarson)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0864",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T18:34:23.504725Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-74",
                    "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T18:34:49.788Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.15.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "D0n9 (https://github.com/D0n9)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Petr Viktorin (https://github.com/encukou)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Seth Larson (https://github.com/sethmlarson)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "type": "text/html",
                  "value": "When using the \"configparser\" module to write configuration files\ncontaining multi-line text values with carriage return characters (\\r) the\nresulting file could be injected with unexpected keys and values if the\nattacker controls the written value."
                }
              ],
              "value": "When using the \"configparser\" module to write configuration files\ncontaining multi-line text values with carriage return characters (\\r) the\nresulting file could be injected with unexpected keys and values if the\nattacker controls the written value."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-24T12:55:42.471Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/151559"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/CV4NE6AFCRJL7XQOHX7J5TSDHUWVWGJS/"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/143927"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/5858e42c539dac8394636a6e9b30472b8994851f"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/0adb386f6e68eb2e73d32e19f235d012df009528"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/71f2e02a52d47417a6fd69f456346cd8aa7aca98"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/aaf850fd333cd89e9aada03d92aaa788a6cb1bb8"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Configuration Injection via Carriage Return (\\r) in write() method",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-0864",
        "datePublished": "2026-06-23T17:42:01.947Z",
        "dateReserved": "2026-01-12T16:07:55.453Z",
        "dateUpdated": "2026-06-24T12:55:42.471Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11940 (GCVE-0-2026-11940)

    Vulnerability from cvelistv5 – Published: 2026-06-23 16:04 – Updated: 2026-06-30 15:13
    VLAI
    Title
    tarfile extraction filter bypass allows escaping the destination directory
    Summary
    tarfile.extractall() with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself.  The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower path, letting a relative target the filter judged contained escape the destination directory.  This allowed a malicious tar archive to create a symlink pointing outside the destination, enabling out-of-destination file reads or writes. This was an incomplete fix of CVE-2025-4330.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.15.0 (python)
    Create a notification for this product.
    Credits
    Haruki Oyama (https://github.com/harukioya) Stan Ulbrych (https://github.com/StanFromIreland) Petr Viktorin (https://github.com/encukou)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11940",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T17:57:25.652265Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T17:57:32.525Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.15.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Haruki Oyama (https://github.com/harukioya)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Stan Ulbrych (https://github.com/StanFromIreland)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Petr Viktorin (https://github.com/encukou)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "type": "text/html",
                  "value": "\u003cspan\u003etarfile.extractall()\u003c/span\u003e with the \u003cspan\u003e\u0027data\u0027\u003c/span\u003e or \u003cspan\u003e\u0027tar\u0027\u003c/span\u003e\n filter could be bypassed by a crafted archive where a hardlink \nreferences a symlink stored at a deeper name than the hardlink itself.\u0026nbsp; \nThe extraction fallback validated the symlink at it\u0027s archived location \nbut recreated it at the hardlink\u0027s shallower\u003cbr\u003epath, letting a relative\n target the filter judged contained escape the destination directory.\u0026nbsp; \nThis allowed a malicious tar archive to create a symlink pointing \noutside the destination, enabling out-of-destination file reads or \nwrites. This was an incomplete fix of CVE-2025-4330."
                }
              ],
              "value": "tarfile.extractall() with the \u0027data\u0027 or \u0027tar\u0027\n filter could be bypassed by a crafted archive where a hardlink \nreferences a symlink stored at a deeper name than the hardlink itself.\u00a0 \nThe extraction fallback validated the symlink at it\u0027s archived location \nbut recreated it at the hardlink\u0027s shallower\npath, letting a relative\n target the filter judged contained escape the destination directory.\u00a0 \nThis allowed a malicious tar archive to create a symlink pointing \noutside the destination, enabling out-of-destination file reads or \nwrites. This was an incomplete fix of CVE-2025-4330."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T15:13:33.568Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/151559"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/LD6QIISNQFQYOIEPJNEUIPV7S3V76FZH/"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/151558"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/27dd970bf6b17ebca7c8ed486a40ab043ed7af8f"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/672825e2f36a57e173959b0d9d409d4560dab8df"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/771d12dda5140313db0ac550292987975651bbde"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/79c06bd5c6afa3c440d50faf7ee1b147c8832b4c"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/be13e86f6b9788a6f4d0419dffef72cbae5865c9"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "tarfile extraction filter bypass allows escaping the destination directory",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-11940",
        "datePublished": "2026-06-23T16:04:17.321Z",
        "dateReserved": "2026-06-10T19:50:59.923Z",
        "dateUpdated": "2026-06-30T15:13:33.568Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12003 (GCVE-0-2026-12003)

    Vulnerability from cvelistv5 – Published: 2026-06-16 15:18 – Updated: 2026-06-23 17:55
    VLAI
    Title
    CPython >3.11 Insecure Input Validation resulting in privilege escalation
    Summary
    To allow builds of Python to be run from an in-tree layout (rather than an installed file layout), the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python assumes it is running in a source tree and generates a different default sys.path. This code remains in release builds, so that release-ready builds can be built in-tree. On Windows, since builds are written to 'PCbuild/', the value of VPATH is set to '..\..', which results in a landmark of '..\..\Modules\setup.local'. This path is outside the install directory of Python, and may have different permissions, potentially allowing a low-privilege user to create the landmark and an alternative `Lib` folder that will be discovered by an otherwise restricted install. Such a setup occurs with the legacy default install location for all users (in the now superseded EXE installer), due to how Windows allows all users to create folders in the root directory of their OS drive. Our recommended mitigation on Windows is to migrate away from the legacy installer and use the new [Python install manager](https://www.python.org/downloads/latest/pymanager/) to install for the current user. Installs where the directory two levels above the Python installation directory have equivalent permissions are unaffected (in general, a per-user install cannot be modified at all by other users, removing any escalation of privilege risk, and could be directly modified by a privileged user, making the potential tampering irrelevant). Alternative mitigations might include preemptively creating and restricting access to a `Modules` directory. Be aware that only 3.13 and 3.14 will receive updated legacy installers - earlier fixes are only provided as sources. Platforms other than Windows allow VPATH to be overridden, but as they don't usually use a separated directory in the build for binaries, are unlikely to have a landmark reference outside of the install directory. The landmark detection involving VPATH is a fallback for when a more specific landmark - .\pybuilddir.txt - is absent, and was included for compatibility. Future releases of Python will no longer include the fallback, and so builds will need to generate or preserve the pybuilddir.txt file in order to work in-tree. This landmark file has been generated on Windows since 3.11, and on other platforms for longer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.15.0b3 (python)
    Create a notification for this product.
    Credits
    Jake Yamaki (https://github.com/b6938236) Steve Dower (https://github.com/zooba)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12003",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-16T17:53:54.916961Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-16T17:56:25.731Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-16T19:12:36.706Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/16/8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.15.0b3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Jake Yamaki (https://github.com/b6938236)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Steve Dower (https://github.com/zooba)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "type": "text/html",
                  "value": "To allow builds of Python to be run from an in-tree layout (rather than\u003cbr\u003ean installed file layout), the VPATH variable is defined at build time\u003cbr\u003eand used to locate certain landmarks - specifically,\u003cbr\u003eModules/setup.local. When this landmark is found relative to VPATH\u003cbr\u003erelative to the executable, Python assumes it is running in a source\u003cbr\u003etree and generates a different default sys.path. This code remains in\u003cbr\u003erelease builds, so that release-ready builds can be built in-tree.\u003cbr\u003e\u003cbr\u003eOn Windows, since builds are written to \u0027PCbuild/\u0027, the value of\u003cbr\u003eVPATH is set to \u0027..\\..\u0027, which results in a landmark of\u003cbr\u003e\u0027..\\..\\Modules\\setup.local\u0027. This path is outside the install directory\u003cbr\u003eof Python, and may have different permissions, potentially allowing a\u003cbr\u003elow-privilege user to create the landmark and an alternative `Lib`\u003cbr\u003efolder that will be discovered by an otherwise restricted install.\u003cbr\u003e\u003cbr\u003eSuch a setup occurs with the legacy default install location for all\u003cbr\u003eusers (in the now superseded EXE installer), due to how Windows allows\u003cbr\u003eall users to create folders in the root directory of their OS drive.\u003cbr\u003e\u003cbr\u003eOur recommended mitigation on Windows is to migrate away from the\u003cbr\u003elegacy installer and use the new [Python install\u003cbr\u003emanager](https://www.python.org/downloads/latest/pymanager/) to install\u003cbr\u003efor the current user. Installs where the directory two levels above the\u003cbr\u003ePython installation directory have equivalent permissions are unaffected\u003cbr\u003e(in general, a per-user install cannot be modified at all by other\u003cbr\u003eusers, removing any escalation of privilege risk, and could be directly\u003cbr\u003emodified by a privileged user, making the potential tampering\u003cbr\u003eirrelevant). Alternative mitigations might include preemptively creating\u003cbr\u003eand restricting access to a `Modules` directory. Be aware that only 3.13\u003cbr\u003eand 3.14 will receive updated legacy installers - earlier fixes are only\u003cbr\u003eprovided as sources.\u003cbr\u003e\u003cbr\u003ePlatforms other than Windows allow VPATH to be overridden, but as they\u003cbr\u003edon\u0027t usually use a separated directory in the build for binaries, are\u003cbr\u003eunlikely to have a landmark reference outside of the install directory.\u003cbr\u003e\u003cbr\u003eThe landmark detection involving VPATH is a fallback for when a more\u003cbr\u003especific landmark - .\\pybuilddir.txt - is absent, and was included for\u003cbr\u003ecompatibility. Future releases of Python will no longer include the\u003cbr\u003efallback, and so builds will need to generate or preserve the\u003cbr\u003epybuilddir.txt file in order to work in-tree. This landmark file has\u003cbr\u003ebeen generated on Windows since 3.11, and on other platforms for longer."
                }
              ],
              "value": "To allow builds of Python to be run from an in-tree layout (rather than\nan installed file layout), the VPATH variable is defined at build time\nand used to locate certain landmarks - specifically,\nModules/setup.local. When this landmark is found relative to VPATH\nrelative to the executable, Python assumes it is running in a source\ntree and generates a different default sys.path. This code remains in\nrelease builds, so that release-ready builds can be built in-tree.\n\nOn Windows, since builds are written to \u0027PCbuild/\u0027, the value of\nVPATH is set to \u0027..\\..\u0027, which results in a landmark of\n\u0027..\\..\\Modules\\setup.local\u0027. This path is outside the install directory\nof Python, and may have different permissions, potentially allowing a\nlow-privilege user to create the landmark and an alternative `Lib`\nfolder that will be discovered by an otherwise restricted install.\n\nSuch a setup occurs with the legacy default install location for all\nusers (in the now superseded EXE installer), due to how Windows allows\nall users to create folders in the root directory of their OS drive.\n\nOur recommended mitigation on Windows is to migrate away from the\nlegacy installer and use the new [Python install\nmanager](https://www.python.org/downloads/latest/pymanager/) to install\nfor the current user. Installs where the directory two levels above the\nPython installation directory have equivalent permissions are unaffected\n(in general, a per-user install cannot be modified at all by other\nusers, removing any escalation of privilege risk, and could be directly\nmodified by a privileged user, making the potential tampering\nirrelevant). Alternative mitigations might include preemptively creating\nand restricting access to a `Modules` directory. Be aware that only 3.13\nand 3.14 will receive updated legacy installers - earlier fixes are only\nprovided as sources.\n\nPlatforms other than Windows allow VPATH to be overridden, but as they\ndon\u0027t usually use a separated directory in the build for binaries, are\nunlikely to have a landmark reference outside of the install directory.\n\nThe landmark detection involving VPATH is a fallback for when a more\nspecific landmark - .\\pybuilddir.txt - is absent, and was included for\ncompatibility. Future releases of Python will no longer include the\nfallback, and so builds will need to generate or preserve the\npybuilddir.txt file in order to work in-tree. This landmark file has\nbeen generated on Windows since 3.11, and on other platforms for longer."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-23T17:55:53.735Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/151545"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/151544"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://https://mail.python.org/archives/list/security-announce@python.org/thread/JIFOBO7UX3LY4VJKJUOKYJV62CFR2IRH/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/16c40f944b7bff724a403cf4902763d095bb4b2a"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/9e863fab283eddca9c2a8f9d1ee30f4dc243e314"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/a86de0bc236fbb9452f98998fc8437e9fca35700"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/b93d6d3399adbd3a5037b6b92fc3587c85ac5d56"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CPython \u003e3.11 Insecure Input Validation resulting in privilege escalation",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-12003",
        "datePublished": "2026-06-16T15:18:42.998Z",
        "dateReserved": "2026-06-11T17:05:37.519Z",
        "dateUpdated": "2026-06-23T17:55:53.735Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9669 (GCVE-0-2026-9669)

    Vulnerability from cvelistv5 – Published: 2026-06-08 22:01 – Updated: 2026-07-07 16:59
    VLAI
    Title
    bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow
    Summary
    bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based buffer overflow
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.14 (python)
    Affected: 3.14.0 , < 3.14.6 (python)
    Affected: 3.15.0a1 , < 3.15.0b3 (python)
    Create a notification for this product.
    Credits
    Bitshift (https://github.com/TheShiftedBit) Emma Smith (https://github.com/emmatyping) Stan Ulbrych (https://github.com/StanFromIreland) Serhiy Storchaka (https://github.com/serhiy-storchaka)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-08T23:27:25.188Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/08/17"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9669",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-16T12:23:25.378543Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-16T12:23:44.258Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "bz2"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.6",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0b3",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Bitshift (https://github.com/TheShiftedBit)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Emma Smith (https://github.com/emmatyping)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stan Ulbrych (https://github.com/StanFromIreland)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Serhiy Storchaka (https://github.com/serhiy-storchaka)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "type": "text/html",
                  "value": "bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data."
                }
              ],
              "value": "bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based buffer overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T16:59:27.712Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/150600"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/DBJZETMGUIFK7DVUWMOXHD3Z6IX2QPSX/"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/150599"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/157a5df8cb5d82b33f918a7489e72ce95ceb12b6"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/5755d0f083949ff3c5bf3a37e673e24e306b036e"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/619a12b2e545391dc436b3af79dda22337382a6f"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/d3ca26983dfbccdf609f24ff5877dc3118e4702d"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/938ec030e90c5e53f1faac6fab1643f14e4f4a79"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-9669",
        "datePublished": "2026-06-08T22:01:15.420Z",
        "dateReserved": "2026-05-27T03:13:18.152Z",
        "dateUpdated": "2026-07-07T16:59:27.712Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7774 (GCVE-0-2026-7774)

    Vulnerability from cvelistv5 – Published: 2026-06-04 14:21 – Updated: 2026-07-07 16:59
    VLAI
    Title
    tarfile.data_filter path traversal bypass allows writing outside the extraction directory
    Summary
    tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.14 (python)
    Affected: 3.14.0 , < 3.14.6 (python)
    Affected: 3.15.0a1 , < 3.15.0b2 (python)
    Create a notification for this product.
    Credits
    Phùng Siêu Đạt (OPSWAT Unit 515) Seth Larson (https://github.com/sethmlarson) Gregory P. Smith (https://github.com/gpshead) Petr Viktorin (https://github.com/encukou) Stan Ulbrych (https://github.com/StanFromIreland)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7774",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T17:27:23.917872Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T17:27:34.304Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-04T18:45:41.657Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/04/9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "tarfile"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.6",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0b2",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Ph\u00f9ng Si\u00eau \u0110\u1ea1t (OPSWAT Unit 515)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Seth Larson (https://github.com/sethmlarson)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Gregory P. Smith (https://github.com/gpshead)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Petr Viktorin (https://github.com/encukou)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Stan Ulbrych (https://github.com/StanFromIreland)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process."
                }
              ],
              "value": "tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T16:59:55.298Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/149487"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/149486"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/4FU62L2M6RMMHT2QPGQNPEHHUND7CEX5/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/0478bd83d82b255e0f29f613367a59d261e7eaa2"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/0d28f5e46e151718972dfabd91205444d0037b6d"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/578411982c16f753f4893532510099ef665117da"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/5cf47a248c35c375d610b87b2f72fd1ed454b558"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/74cca9a92fb7d653e404843a56b8bdc7b0afdbbf"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/10a13bee3c24f9c62b602e696334ff2272a40efc"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/c063191cb7f9170f9565e305f8aa2b79ab2bf609"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "tarfile.data_filter path traversal bypass allows writing outside the extraction directory",
          "x_generator": {
            "engine": "Vulnogram 0.6.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-7774",
        "datePublished": "2026-06-04T14:21:23.904Z",
        "dateReserved": "2026-05-04T14:47:51.154Z",
        "dateUpdated": "2026-07-07T16:59:55.298Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3276 (GCVE-0-2026-3276)

    Vulnerability from cvelistv5 – Published: 2026-06-03 14:29 – Updated: 2026-06-16 14:54
    VLAI
    Title
    Potential DoS via quadratic complexity in unicodedata.normalize()
    Summary
    unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.14 (python)
    Affected: 3.14.0 , < 3.14.6 (python)
    Affected: 3.15.0a1 , < 3.15.0b2 (python)
    Create a notification for this product.
    Credits
    Seokchan Yoon (https://github.com/ch4n3-yoon) Tim Peters (https://github.com/tim-one) Bénédikt Tran (https://github.com/picnixz) Serhiy Storchaka (https://github.com/serhiy-storchaka) Stan Ulbrych (https://github.com/StanFromIreland) Seth Larson (https://github.com/sethmlarson) Petr Viktorin (https://github.com/encukou)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3276",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T17:27:09.393265Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T17:27:19.179Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-03T19:18:17.828Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/03/15"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.6",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0b2",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Seokchan Yoon (https://github.com/ch4n3-yoon)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Tim Peters (https://github.com/tim-one)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "B\u00e9n\u00e9dikt Tran (https://github.com/picnixz)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Serhiy Storchaka (https://github.com/serhiy-storchaka)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Stan Ulbrych (https://github.com/StanFromIreland)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Seth Larson (https://github.com/sethmlarson)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Petr Viktorin (https://github.com/encukou)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eunicodedata.normalize()\u003c/span\u003e can take excessive CPU time when processing\u003cbr\u003especially crafted Unicode input containing long runs of combining characters\u003cbr\u003ewith alternating Canonical Combining Class values.\u003cbr\u003eThis affects all normalization forms."
                }
              ],
              "value": "unicodedata.normalize() can take excessive CPU time when processing\nspecially crafted Unicode input containing long runs of combining characters\nwith alternating Canonical Combining Class values.\nThis affects all normalization forms."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-407",
                  "description": "CWE-407",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-16T14:54:50.442Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PP5HB4K7727OBBM76KA2ILID76K3OZGZ/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/149080"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/149079"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/6b505d1f41f8f3ea0fe5a4786d3a8fff1875cfc0"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/991224b1e8311c85f198f6dd8208bf8cff7fc26f"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/ba785b88add96acbf403d65cb157fb2743a33a32"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/c5512bd7c1dc28055660565275012766941d3066"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/90748760d38ca3ac5fc6788a69becab905c95598"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Potential DoS via quadratic complexity in unicodedata.normalize()",
          "x_generator": {
            "engine": "Vulnogram 0.6.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-3276",
        "datePublished": "2026-06-03T14:29:39.727Z",
        "dateReserved": "2026-02-26T15:19:46.862Z",
        "dateUpdated": "2026-06-16T14:54:50.442Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8643 (GCVE-0-2026-8643)

    Vulnerability from cvelistv5 – Published: 2026-06-01 15:01 – Updated: 2026-07-08 12:05
    VLAI
    Title
    pip can extract console_scripts and gui_scripts outside installation directory
    Summary
    pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    PSF
    References
    URL Tags
    https://github.com/pypa/pip/pull/14000 patch
    https://mail.python.org/archives/list/security-an… vendor-advisory
    http://www.openwall.com/lists/oss-security/2026/06/01/5
    https://access.redhat.com/security/cve/CVE-2026-8643 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2460927 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:36193 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36315 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34374 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33313 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34891 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34772 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34778 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34780 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34773 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34774 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34739 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34752 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34765 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34758 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34756 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34760 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34776 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34748 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34775 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34740 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34749 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34750 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34741 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34777 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34456 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Python Packaging Authority pip Affected: 24.0 , < 26.1.2 (python)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6     cpe:/a:redhat:ansible_automation_platform:2.6::el9
    Create a notification for this product.
    Red Hat Red Hat Discovery 2     cpe:/a:redhat:discovery:2::el9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.0     cpe:/a:redhat:openshift_ai:3.0::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.2     cpe:/a:redhat:openshift_ai:3.2::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3     cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.4     cpe:/a:redhat:openshift_ai:3.4::el9
    Create a notification for this product.
    Red Hat Exploit Intelligence     cpe:/a:redhat:exploit_intelligence:0
    Create a notification for this product.
    Red Hat Migration Toolkit for Applications 8     cpe:/a:redhat:migration_toolkit_applications:8
    Create a notification for this product.
    Red Hat Migration Toolkit for Virtualization     cpe:/a:redhat:migration_toolkit_virtualization:2
    Create a notification for this product.
    Red Hat Pen Drive Powered by Red Hat Lightspeed     cpe:/a:redhat:pdrive_lightspeed:0
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server     cpe:/a:redhat:ai_inference_server:3
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI (RHEL AI) 3     cpe:/a:redhat:enterprise_linux_ai:3
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Spaces     cpe:/a:redhat:openshift_devspaces:3
    Create a notification for this product.
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Create a notification for this product.
    Red Hat Red Hat Trusted Artifact Signer     cpe:/a:redhat:trusted_artifact_signer:1
    Create a notification for this product.
    Red Hat OpenShift Lightspeed     cpe:/a:redhat:openshift_lightspeed
    Create a notification for this product.
    Red Hat OpenShift Service Mesh 3     cpe:/a:redhat:service_mesh:3
    Create a notification for this product.
    Red Hat Red Hat Developer Hub     cpe:/a:redhat:rhdh:1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Quay 3     cpe:/a:redhat:quay:3
    Create a notification for this product.
    Red Hat Service Telemetry Framework 1.5     cpe:/a:redhat:stf:1.5
    Create a notification for this product.
    Credits
    Lumír Balhar Damian Shaw (https://github.com/notatallshaw) Gregory P. Smith (https://github.com/gpshead) Jannis Leidel (https://github.com/jezdez) Pradyun Gedam (https://github.com/pradyunsg) Paul Moore (https://github.com/pfmoore)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-01T18:55:02.964Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/01/5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8643",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T18:57:40.345155Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T12:02:53.513Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:discovery:2::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Discovery 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.0::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI 3.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.2::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI 3.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI 3.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:exploit_intelligence:0"
                ],
                "defaultStatus": "affected",
                "product": "Exploit Intelligence",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:migration_toolkit_applications:8"
                ],
                "defaultStatus": "affected",
                "product": "Migration Toolkit for Applications 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:migration_toolkit_virtualization:2"
                ],
                "defaultStatus": "affected",
                "product": "Migration Toolkit for Virtualization",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:pdrive_lightspeed:0"
                ],
                "defaultStatus": "affected",
                "product": "Pen Drive Powered by Red Hat Lightspeed",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AI Inference Server",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_devspaces:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Dev Spaces",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:trusted_artifact_signer:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Trusted Artifact Signer",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_lightspeed"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Lightspeed",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Service Mesh 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhdh:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Developer Hub",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Quay 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:stf:1.5"
                ],
                "defaultStatus": "unaffected",
                "product": "Service Telemetry Framework 1.5",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-27T17:03:36.585Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to write generated script wrappers outside the intended installation directory, leading to arbitrary file overwrite. This can severely impact system integrity and availability, and in certain scenarios, may lead to arbitrary code execution."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:05:59.285Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-8643"
              },
              {
                "name": "RHBZ#2460927",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460927"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-8643.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36193"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36315"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34374"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33313"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34891"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34772"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34778"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34780"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34773"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34774"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34739"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34752"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34765"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34758"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34756"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34760"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34776"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34748"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34775"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34740"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34749"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34750"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34741"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34777"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34456"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:36193: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36315: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34374: Red Hat Ansible Automation Platform 2.6"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33313: Red Hat Discovery 2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34891: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34772: Red Hat OpenShift AI 3.0"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34778: Red Hat OpenShift AI 3.0"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34780: Red Hat OpenShift AI 3.0"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34773: Red Hat OpenShift AI 3.0"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34774: Red Hat OpenShift AI 3.0"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34739: Red Hat OpenShift AI 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34752: Red Hat OpenShift AI 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34765: Red Hat OpenShift AI 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34758: Red Hat OpenShift AI 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34756: Red Hat OpenShift AI 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34760: Red Hat OpenShift AI 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34776: Red Hat OpenShift AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34748: Red Hat OpenShift AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34775: Red Hat OpenShift AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34740: Red Hat OpenShift AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34749: Red Hat OpenShift AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34750: Red Hat OpenShift AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34741: Red Hat OpenShift AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34777: Red Hat OpenShift AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34456: Red Hat OpenShift AI 3.4"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-22T23:09:35.000Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-27T17:03:36.585Z",
                "value": "Made public."
              }
            ],
            "title": "python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this issue, users should avoid installing Python wheels from untrusted sources. It is strongly advised against using `pip install` with elevated privileges, such as `sudo`, when installing wheels. Additionally, administrators should inspect `entry_points.txt` within wheels for path separators or absolute paths before installation."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pypi.org/project/pip",
              "defaultStatus": "unaffected",
              "packageName": "pip",
              "product": "pip",
              "repo": "https://github.com/pypa/pip",
              "vendor": "Python Packaging Authority",
              "versions": [
                {
                  "lessThan": "26.1.2",
                  "status": "affected",
                  "version": "24.0",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Lum\u00edr Balhar"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Damian Shaw (https://github.com/notatallshaw)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Gregory P. Smith (https://github.com/gpshead)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Jannis Leidel (https://github.com/jezdez)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Pradyun Gedam (https://github.com/pradyunsg)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Paul Moore (https://github.com/pfmoore)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory."
                }
              ],
              "value": "pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T14:07:48.871Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/pypa/pip/pull/14000"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/YV63UET5D3OOJY7O4M5XCVYO2YM4NBYJ/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "pip can extract console_scripts and gui_scripts outside installation directory",
          "x_generator": {
            "engine": "Vulnogram 0.6.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-8643",
        "datePublished": "2026-06-01T15:01:32.143Z",
        "dateReserved": "2026-05-14T20:21:04.562Z",
        "dateUpdated": "2026-07-08T12:05:59.285Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8328 (GCVE-0-2026-8328)

    Vulnerability from cvelistv5 – Published: 2026-05-13 20:14 – Updated: 2026-06-30 15:09
    VLAI
    Title
    FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address
    Summary
    The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host addresses with the actual peer address (getpeername()[0]), ftpcp() still calls parse227() directly and passes the raw attacker-controllable IP address and port to target.sendport(). This patch is related to CVE-2021-4189.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side request forgery (SSRF)
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.14 (python)
    Affected: 3.14.0 , < 3.14.6 (python)
    Affected: 3.15.0a1 , < 3.15.0b2 (python)
    Create a notification for this product.
    Credits
    Qi Deng (https://github.com/ikow) Bénédikt Tran (https://github.com/picnixz) Gregory P. Smith (https://github.com/gpshead)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8328",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-14T12:49:18.311219Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T12:49:39.908Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "ftplib"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.6",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0b2",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Qi Deng (https://github.com/ikow)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "B\u00e9n\u00e9dikt Tran (https://github.com/picnixz)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Gregory P. Smith (https://github.com/gpshead)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "type": "text/html",
                  "value": "\u003cdiv\u003eThe ftpcp() function in Lib/ftplib.py was not updated when \nCVE-2021-4189 was fixed. While makepasv() was patched to replace \nserver-supplied PASV host addresses with the actual peer address \n(getpeername()[0]), ftpcp() still calls parse227() directly and passes \nthe raw attacker-controllable IP address and port to target.sendport(). This patch is related to\u0026nbsp;CVE-2021-4189.\u003c/div\u003e"
                }
              ],
              "value": "The ftpcp() function in Lib/ftplib.py was not updated when \nCVE-2021-4189 was fixed. While makepasv() was patched to replace \nserver-supplied PASV host addresses with the actual peer address \n(getpeername()[0]), ftpcp() still calls parse227() directly and passes \nthe raw attacker-controllable IP address and port to target.sendport(). This patch is related to\u00a0CVE-2021-4189."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side request forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T15:09:29.230Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/87451"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/149648"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/ITF2BAPBQEPYK3LDMPRSY435JGNHYNDP/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/5dadc64673ce875ebfb24163907777dae0f6ca06"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/7d95a1dc7382b55cba7fdd6a110336077584a4f0"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/bb3446dda6c49b32e67c11dbbbf221b40be00763"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/c88704431ea3248ca769384c13856330976fac1d"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/eac4fe3b2c77693790a5ef7dfab127c1fee81bf9"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/2bbcf3fb7a420a05605576c0f9468d4675381b5f"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/ef12d0dc824baccf737bba1458e5eed3d1e0fceb"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-8328",
        "datePublished": "2026-05-13T20:14:33.751Z",
        "dateReserved": "2026-05-11T15:06:00.859Z",
        "dateUpdated": "2026-06-30T15:09:29.230Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7210 (GCVE-0-2026-7210)

    Vulnerability from cvelistv5 – Published: 2026-05-11 17:19 – Updated: 2026-06-10 18:57
    VLAI
    Title
    The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
    Summary
    `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.14 (python)
    Affected: 3.14.0 , < 3.14.6 (python)
    Affected: 3.15.0a1 , < 3.15.0b2 (python)
    Create a notification for this product.
    Credits
    Stan Ulbrych (https://github.com/StanFromIreland) Gregory P. Smith (https://github.com/gpshead)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7210",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T18:53:57.884366Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T18:54:12.868Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-11T20:34:17.811Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/11/8"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/11/13"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "xml",
                "expat"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.6",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0b2",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Stan Ulbrych (https://github.com/StanFromIreland)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Gregory P. Smith (https://github.com/gpshead)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "type": "text/html",
                  "value": "`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\\r\\n\\r\\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch."
                }
              ],
              "value": "`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\\r\\n\\r\\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-331",
                  "description": "CWE-331 Insufficient entropy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T18:57:50.682Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PNY5OMBDPM2FRUZTWFFPJ6LISWKV627K/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/149023"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/149018"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/24b8f12544468e4cedf5bfbe25442fcd495391e4"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/3573b3b1ecbd99030a0b18658e1bfece771b2566"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/eeea765cb9d8f1fc3d8918b272ac3c477983f27a"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/fc9b11ff49cbc82e6f917d07a61517a2b5f3145f"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-7210",
        "datePublished": "2026-05-11T17:19:09.784Z",
        "dateReserved": "2026-04-27T14:43:40.042Z",
        "dateUpdated": "2026-06-10T18:57:50.682Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3087 (GCVE-0-2026-3087)

    Vulnerability from cvelistv5 – Published: 2026-04-27 20:46 – Updated: 2026-06-10 18:04
    VLAI
    Title
    shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
    Summary
    If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\...`) then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.14 (python)
    Affected: 3.14.0a1 , < 3.14.5rc1 (python)
    Affected: 3.15.0a1 , < 3.15.0b1 (python)
    Create a notification for this product.
    Credits
    Serhiy Storchaka (https://github.com/serhiy-storchaka) Seth Larson (https://github.com/sethmlarson) GGAutomaton (https://github.com/GGAutomaton)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-28T05:07:42.331Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/28/9"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3087",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-28T13:38:08.747185Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-28T14:35:55.942Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "shutil"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.5rc1",
                  "status": "affected",
                  "version": "3.14.0a1",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0b1",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Serhiy Storchaka (https://github.com/serhiy-storchaka)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Seth Larson (https://github.com/sethmlarson)"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "GGAutomaton (https://github.com/GGAutomaton)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\\\...`) then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability."
                }
              ],
              "value": "If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\\\...`) then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T18:04:43.260Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/146591"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/146581"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/X6FXE5C6KDKOVNX3EC3DWD5RUPFWOZA4/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/ab5ef98af693bded74a738570e81ea70abef2840"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/b01e594fbe754a960212f908d047294e880b52fd"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/fc829e88753858c8ac669594bf0093f44948c0f4"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/65b255416ae217bf0e22085be3c1976cea18bd8c"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/8e13025747e1ca72e86d1f35637123f9c306f0cb"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/8ee6aff14054b37b53e47194a2fa313e98163c94"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/ba0aca3bffce431fe2fbd53ca4cd6a717a2e2c19"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "shutil.unpack_archive() doesn\u0027t check for Windows absolute paths in ZIPs",
          "x_generator": {
            "engine": "Vulnogram 0.6.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-3087",
        "datePublished": "2026-04-27T20:46:43.201Z",
        "dateReserved": "2026-02-23T23:14:46.433Z",
        "dateUpdated": "2026-06-10T18:04:43.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6357 (GCVE-0-2026-6357)

    Vulnerability from cvelistv5 – Published: 2026-04-27 14:19 – Updated: 2026-04-27 22:17
    VLAI
    Title
    pip self-update functionality can import newly installed modules after wheel installation
    Summary
    pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Pip maintainers pip Affected: 0 , < 26.1 (python)
    Create a notification for this product.
    Credits
    Damian Shaw Damian Shaw Richard Si Seth Larson
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6357",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T16:08:15.074450Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-829",
                    "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-27T16:08:47.582Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-27T22:17:49.582Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/27/7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pypi.org/project/pip",
              "defaultStatus": "unaffected",
              "packageName": "pip",
              "product": "pip",
              "repo": "https://github.com/pypa/pip",
              "vendor": "Pip maintainers",
              "versions": [
                {
                  "lessThan": "26.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Damian Shaw"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Damian Shaw"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Richard Si"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Seth Larson"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation."
                }
              ],
              "value": "pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-27T14:19:47.657Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/pypa/pip/pull/13923"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "pip self-update functionality can import newly installed modules after wheel installation",
          "x_generator": {
            "engine": "Vulnogram 0.6.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-6357",
        "datePublished": "2026-04-27T14:19:47.657Z",
        "dateReserved": "2026-04-15T13:55:02.734Z",
        "dateUpdated": "2026-04-27T22:17:49.582Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6019 (GCVE-0-2026-6019)

    Vulnerability from cvelistv5 – Published: 2026-04-22 19:28 – Updated: 2026-06-10 18:58
    VLAI
    Title
    BaseCookie.js_output() does not neutralize embedded characters
    Summary
    http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence </script> inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-150 - Improper neutralization of escape, meta, or control sequences
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.14 (python)
    Affected: 3.14.0a1 , < 3.14.5rc1 (python)
    Affected: 3.15.0a1 , < 3.15.0b1 (python)
    Create a notification for this product.
    Credits
    oolongeya (https://github.com/komi22) Seth Larson (https://github.com/sethmlarson)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6019",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-22T20:02:17.071906Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-22T20:02:34.468Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.5rc1",
                  "status": "affected",
                  "version": "3.14.0a1",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0b1",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "oolongeya (https://github.com/komi22)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Seth Larson (https://github.com/sethmlarson)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ccode\u003ehttp.cookies.Morsel.js_output()\u003c/code\u003e returns an inline \u003ccode\u003e\u0026lt;script\u0026gt;\u003c/code\u003e snippet and only escapes \u003ccode\u003e\"\u003c/code\u003e for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence \u003ccode\u003e\u0026lt;/script\u0026gt;\u003c/code\u003e inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value."
                }
              ],
              "value": "http.cookies.Morsel.js_output() returns an inline \u003cscript\u003e snippet and only escapes \" for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence \u003c/script\u003e inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-150",
                  "description": "CWE-150 Improper neutralization of escape, meta, or control sequences",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T18:58:07.798Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/148848"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/90309"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IVNWGV2BBNC3RHQAFS22UP4DY56SAXX3/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/76b3923d688c0efc580658476c5f525ec8735104"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/3c59b8b53fc75c7f9578d16fb8201ceb43e8f76c"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/f795e042043dfe26c42e1971d4502c1cdc4c65b8"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "BaseCookie.js_output() does not neutralize embedded characters",
          "x_generator": {
            "engine": "Vulnogram 0.6.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-6019",
        "datePublished": "2026-04-22T19:28:08.720Z",
        "dateReserved": "2026-04-09T15:35:00.668Z",
        "dateUpdated": "2026-06-10T18:58:07.798Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3298 (GCVE-0-2026-3298)

    Vulnerability from cvelistv5 – Published: 2026-04-21 14:45 – Updated: 2026-06-10 18:05
    VLAI
    Title
    Out-of-bounds write in Windows asyncio.ProacterEventLoop.sock_recvfrom_into() when using nbytes
    Summary
    The method "sock_recvfrom_into()" of "asyncio.ProacterEventLoop" (Windows only) was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 3.11.0 , < 3.13.14 (python)
    Affected: 3.14.0a1 , < 3.14.5rc1 (python)
    Affected: 3.15.0a1 , < 3.15.0b1 (python)
    Create a notification for this product.
    Credits
    GGAutomaton (https://github.com/GGAutomaton) Victor Stinner (https://github.com/vstinner) Seth Larson (https://github.com/sethmlarson)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3298",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-21T19:15:36.206348Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-21T19:15:44.557Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.14",
                  "status": "affected",
                  "version": "3.11.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.5rc1",
                  "status": "affected",
                  "version": "3.14.0a1",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0b1",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "GGAutomaton (https://github.com/GGAutomaton)"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Victor Stinner (https://github.com/vstinner)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Seth Larson (https://github.com/sethmlarson)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "type": "text/html",
                  "value": "The method \"sock_recvfrom_into()\" of \"asyncio.ProacterEventLoop\" (Windows only) was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected."
                }
              ],
              "value": "The method \"sock_recvfrom_into()\" of \"asyncio.ProacterEventLoop\" (Windows only) was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T18:05:02.868Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/148809"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/148808"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/KWTPIQBOOOUNQP7UFSLBI437NJDFLA3F/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/1274766d3c29007ab77245a72abbf8dce2a9db4d"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/27522b7d6e6588f03e61099dd858cd5a9314e2f2"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/95633d2aad4721e25e4dfd9f43dfb6e1edcbd741"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds write in Windows asyncio.ProacterEventLoop.sock_recvfrom_into() when using nbytes",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-3298",
        "datePublished": "2026-04-21T14:45:01.919Z",
        "dateReserved": "2026-02-26T20:12:47.041Z",
        "dateUpdated": "2026-06-10T18:05:02.868Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3219 (GCVE-0-2026-3219)

    Vulnerability from cvelistv5 – Published: 2026-04-20 14:55 – Updated: 2026-04-20 20:15
    VLAI
    Title
    pip doesn't reject concatenated ZIP and tar archives
    Summary
    pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Packaging Authority pip Affected: 0 , < 26.1 (python)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3219",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-20T16:03:20.592162Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-434",
                    "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-20T16:15:12.102Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-20T20:15:23.710Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/20/8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pypi.org/project/pip",
              "defaultStatus": "unaffected",
              "packageName": "pip",
              "product": "pip",
              "repo": "https://github.com/pypa/pip",
              "vendor": "Python Packaging Authority",
              "versions": [
                {
                  "lessThan": "26.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing \"incorrect\" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both."
                }
              ],
              "value": "pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing \"incorrect\" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-20T15:02:54.673Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/pypa/pip/pull/13870"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "pip doesn\u0027t reject concatenated ZIP and tar archives",
          "x_generator": {
            "engine": "Vulnogram 0.6.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-3219",
        "datePublished": "2026-04-20T14:55:38.282Z",
        "dateReserved": "2026-02-25T17:50:26.456Z",
        "dateUpdated": "2026-04-20T20:15:23.710Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5713 (GCVE-0-2026-5713)

    Vulnerability from cvelistv5 – Published: 2026-04-14 15:11 – Updated: 2026-06-10 18:58
    VLAI
    Title
    Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target
    Summary
    The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 3.14.0 , < 3.14.5 (python)
    Affected: 3.15.0a1 , < 3.15.0b1 (python)
    Create a notification for this product.
    Credits
    Nicholas Gould (https://github.com/gouldnicholas) Pablo Galindo Salgado Pablo Galindo Salgado
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5713",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-14T15:49:26.893551Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-14T15:49:38.323Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-15T17:24:22.172Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/15/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.14.5",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0b1",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Nicholas Gould (https://github.com/gouldnicholas)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Pablo Galindo Salgado"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Pablo Galindo Salgado"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The \"profiling.sampling\" module (Python 3.15+) and \"asyncio introspection capabilities\" (3.14+, \"python -m asyncio ps\" and \"python -m asyncio pstree\") features could be used to read and write addresses in a privileged process if that process connected to a malicious or \"infected\" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR."
                }
              ],
              "value": "The \"profiling.sampling\" module (Python 3.15+) and \"asyncio introspection capabilities\" (3.14+, \"python -m asyncio ps\" and \"python -m asyncio pstree\") features could be used to read and write addresses in a privileged process if that process connected to a malicious or \"infected\" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based buffer overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T18:58:12.898Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/148187"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/148178"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/OG4RHARYSNIE22GGOMVMCRH76L5HKPLM/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/289fd2c97a7e5aecb8b69f94f5e838ccfeee7e67"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/316f6265b7f9ca4ffed5346b747475ef1943f35d"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target",
          "x_generator": {
            "engine": "Vulnogram 0.6.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-5713",
        "datePublished": "2026-04-14T15:11:51.122Z",
        "dateReserved": "2026-04-06T17:16:14.111Z",
        "dateUpdated": "2026-06-10T18:58:12.898Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4786 (GCVE-0-2026-4786)

    Vulnerability from cvelistv5 – Published: 2026-04-13 21:52 – Updated: 2026-07-06 12:05
    VLAI
    Title
    Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
    Summary
    Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77
    • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
    Assigner
    PSF
    References
    URL Tags
    https://github.com/python/cpython/pull/148170 patch
    https://github.com/python/cpython/issues/148169 issue-tracking
    https://mail.python.org/archives/list/security-an… vendor-advisory
    https://github.com/python/cpython/commit/c5767a72… patch
    https://github.com/python/cpython/commit/d22922c8… patch
    https://github.com/python/cpython/commit/f4654824… patch
    https://github.com/python/cpython/commit/28b4ad38… patch
    https://github.com/python/cpython/commit/d6d68494… patch
    https://access.redhat.com/security/cve/CVE-2026-4786 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2458049 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:22144 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19589 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35838 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13812 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16699 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10711 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19064 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19019 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:28581 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11077 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11062 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10950 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19590 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17619 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19549 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:26187 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19571 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19570 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13692 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21682 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14653 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17525 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19576 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14652 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14656 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10949 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10774 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10745 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19216 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19175 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19177 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19176 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:28247 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25096 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30078 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30089 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30088 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30087 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10140 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10141 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8822 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8824 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10117 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9228 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11768 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21275 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.14 (python)
    Affected: 3.14.0a1 , < 3.14.5rc1 (python)
    Affected: 3.15.0a1 , < 3.15.0b1 (python)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION)     cpe:/o:redhat:rhel_els:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)     cpe:/o:redhat:rhel_els:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server Optional (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Middleware Containers for OpenShift     cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.4)     cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)     cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.6)     cpe:/a:redhat:rhel_aus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.6)     cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.6)     cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.8)     cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.8)     cpe:/a:redhat:rhel_tus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 8)     cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.4)     cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)     cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.6)     cpe:/o:redhat:rhel_aus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.6)     cpe:/o:redhat:rhel_e4s:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.6)     cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.8)     cpe:/o:redhat:rhel_e4s:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.8)     cpe:/o:redhat:rhel_tus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.0)     cpe:/o:redhat:rhel_e4s:9.0::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.2)     cpe:/o:redhat:rhel_e4s:9.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.4)     cpe:/o:redhat:rhel_eus:9.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.6)     cpe:/o:redhat:rhel_eus:9.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 9)     cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CRB (v. 8)     cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server 3.2     cpe:/a:redhat:ai_inference_server:3.2::el9
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server 3.3     cpe:/a:redhat:ai_inference_server:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI 3.3     cpe:/a:redhat:enterprise_linux_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat Update Infrastructure 5     cpe:/a:redhat:rhui:5::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Credits
    an7y Seth Larson Stan Ulbrych
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4786",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-14T13:43:47.712946Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-14T13:43:54.704Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhosemc:1.0::el8"
                ],
                "defaultStatus": "affected",
                "product": "Middleware Containers for OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.0::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.2::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CRB (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3.2::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AI Inference Server 3.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AI Inference Server 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AI 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhui:5::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Update Infrastructure 5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-13T21:52:19.036Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing \"%action\" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-88",
                    "description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T12:05:01.259Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-4786"
              },
              {
                "name": "RHBZ#2458049",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4786.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22144"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19589"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35838"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13812"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16699"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10711"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19064"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19019"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28581"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11077"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11062"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10950"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19590"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17619"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19549"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26187"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19571"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19570"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13692"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21682"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14653"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17525"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19576"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14652"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14656"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10949"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10774"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10745"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19216"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19175"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19177"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19176"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28247"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25096"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30078"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30089"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30088"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30087"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10140"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10141"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8822"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8824"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10117"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9228"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11768"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21275"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:22144: Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION), Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19589: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35838: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13812: Middleware Containers for OpenShift"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16699: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10711: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19064: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19019: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28581: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11077: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux BaseOS (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11062: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10950: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19590: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4), Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17619: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6), Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19549: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8), Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26187: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19571: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19570: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13692: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21682: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14653: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17525: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19576: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14652: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14656: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10949: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10774: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10745: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19216: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19175: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19177: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19176: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28247: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25096: Red Hat AI Inference Server 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30078: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30089: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30088: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30087: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10140: Red Hat Enterprise Linux AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10141: Red Hat Enterprise Linux AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8822: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8824: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10117: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9228: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11768: Red Hat Update Infrastructure 5"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21275: Red Hat Update Infrastructure 5"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-13T22:01:38.006Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-13T21:52:19.036Z",
                "value": "Made public."
              }
            ],
            "title": "python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.5rc1",
                  "status": "affected",
                  "version": "3.14.0a1",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0b1",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "an7y"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Seth Larson"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stan Ulbrych"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "type": "text/html",
                  "value": "Mitgation of\u0026nbsp;CVE-2026-4519 was incomplete. If the URL contained \"%action\" the mitigation could be bypassed for certain browser types the \"webbrowser.open()\" API could have commands injected into the underlying shell. See\u0026nbsp;CVE-2026-4519 for details."
                }
              ],
              "value": "Mitgation of\u00a0CVE-2026-4519 was incomplete. If the URL contained \"%action\" the mitigation could be bypassed for certain browser types the \"webbrowser.open()\" API could have commands injected into the underlying shell. See\u00a0CVE-2026-4519 for details."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T19:01:31.611Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/148170"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/148169"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/c5767a72838a8dda9d6dc5d3558075b055c56bca"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/d22922c8a7958353689dc4763dd72da2dea03fff"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/f4654824ae0850ac87227fb270f9057477946769"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/28b4ad38067bbdad34edfcd03ad2de5f06387e53"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/d6d68494be70bdbda20f89f83801ba52ec37daa4"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-4786",
        "datePublished": "2026-04-13T21:52:19.036Z",
        "dateReserved": "2026-03-24T19:25:48.269Z",
        "dateUpdated": "2026-07-06T12:05:01.259Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6100 (GCVE-0-2026-6100)

    Vulnerability from cvelistv5 – Published: 2026-04-13 17:15 – Updated: 2026-07-03 12:05
    VLAI
    Title
    Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure
    Summary
    Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    PSF
    References
    URL Tags
    https://github.com/python/cpython/pull/148396 patch
    https://mail.python.org/archives/list/security-an… vendor-advisory
    https://github.com/python/cpython/issues/148395 issue-tracking
    https://github.com/python/cpython/commit/6a5f79c8… patch
    https://github.com/python/cpython/commit/8fc66aef… patch
    https://github.com/python/cpython/commit/c3cf71c3… patch
    https://github.com/python/cpython/commit/47128e64… patch
    https://github.com/python/cpython/commit/e20c6c96… patch
    http://www.openwall.com/lists/oss-security/2026/0…
    https://access.redhat.com/security/cve/CVE-2026-6100 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2457932 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:13812 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16699 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10711 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19064 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19019 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11077 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11062 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10950 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19590 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17619 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19549 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:26187 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19571 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19570 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13692 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21682 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14653 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17525 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19576 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14652 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14656 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10949 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10774 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10745 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19216 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19175 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19177 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19176 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25096 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30078 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30089 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30088 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30087 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10140 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10141 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8822 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8824 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10117 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9228 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11768 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21275 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.14 (python)
    Affected: 3.14.0a1 , < 3.14.5rc1 (python)
    Affected: 3.15.0a1 , < 3.15.0b1 (python)
    Create a notification for this product.
    Red Hat Middleware Containers for OpenShift     cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.4)     cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)     cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.6)     cpe:/a:redhat:rhel_aus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.6)     cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.6)     cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.8)     cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.8)     cpe:/a:redhat:rhel_tus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 8)     cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.4)     cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)     cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.6)     cpe:/o:redhat:rhel_aus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.6)     cpe:/o:redhat:rhel_e4s:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.6)     cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.8)     cpe:/o:redhat:rhel_e4s:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.8)     cpe:/o:redhat:rhel_tus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.0)     cpe:/o:redhat:rhel_e4s:9.0::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.2)     cpe:/o:redhat:rhel_e4s:9.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.4)     cpe:/o:redhat:rhel_eus:9.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.6)     cpe:/o:redhat:rhel_eus:9.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 9)     cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CRB (v. 8)     cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server 3.2     cpe:/a:redhat:ai_inference_server:3.2::el9
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server 3.3     cpe:/a:redhat:ai_inference_server:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI 3.3     cpe:/a:redhat:enterprise_linux_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat Update Infrastructure 5     cpe:/a:redhat:rhui:5::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI (RHEL AI) 3     cpe:/a:redhat:enterprise_linux_ai:3
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Credits
    Ryan Hileman Stan Ulbrych Seth Larson Stan Ulbrych Ryan Hileman
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6100",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-13T19:21:03.412763Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-13T19:21:10.878Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-13T19:29:27.322Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/13/10"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:rhosemc:1.0::el8"
                ],
                "defaultStatus": "affected",
                "product": "Middleware Containers for OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.0::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.2::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CRB (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3.2::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AI Inference Server 3.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AI Inference Server 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AI 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhui:5::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Update Infrastructure 5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-13T17:15:47.606Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Python\u0027s decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-825",
                    "description": "Expired Pointer Dereference",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T12:05:13.620Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-6100"
              },
              {
                "name": "RHBZ#2457932",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6100.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13812"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16699"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10711"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19064"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19019"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11077"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11062"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10950"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19590"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17619"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19549"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26187"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19571"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19570"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13692"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21682"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14653"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17525"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19576"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14652"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14656"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10949"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10774"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10745"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19216"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19175"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19177"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19176"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25096"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30078"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30089"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30088"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30087"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10140"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10141"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8822"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8824"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10117"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9228"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11768"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21275"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:13812: Middleware Containers for OpenShift"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16699: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10711: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19064: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19019: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11077: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux BaseOS (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11062: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10950: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19590: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4), Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17619: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6), Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19549: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8), Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26187: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19571: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19570: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13692: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21682: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14653: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17525: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19576: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14652: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14656: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10949: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10774: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10745: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19216: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19175: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19177: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19176: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25096: Red Hat AI Inference Server 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30078: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30089: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30088: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30087: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10140: Red Hat Enterprise Linux AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10141: Red Hat Enterprise Linux AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8822: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8824: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10117: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9228: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11768: Red Hat Update Infrastructure 5"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21275: Red Hat Update Infrastructure 5"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-13T18:01:31.970Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-13T17:15:47.606Z",
                "value": "Made public."
              }
            ],
            "title": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.5rc1",
                  "status": "affected",
                  "version": "3.14.0a1",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0b1",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Ryan Hileman"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stan Ulbrych"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Seth Larson"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Stan Ulbrych"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Ryan Hileman"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.\u003cbr\u003e\u003cbr\u003eThe vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable."
                }
              ],
              "value": "Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.\n\nThe vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T18:58:01.371Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/148396"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/148395"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/47128e64f98c3a20271138a98c2922bea2a3ee0e"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/e20c6c9667c99ecaab96e1a2b3767082841ffc8b"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure",
          "x_generator": {
            "engine": "Vulnogram 0.6.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-6100",
        "datePublished": "2026-04-13T17:15:47.606Z",
        "dateReserved": "2026-04-10T21:13:45.428Z",
        "dateUpdated": "2026-07-03T12:05:13.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3446 (GCVE-0-2026-3446)

    Vulnerability from cvelistv5 – Published: 2026-04-10 18:17 – Updated: 2026-04-13 16:07
    VLAI
    Title
    Base64 decoding stops at first padded quad by default
    Summary
    When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted which may be processed differently by other implementations. Use "validate=True" to enable stricter processing of base64 data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-345 - Insufficient Verification of Data Authenticity
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.13 (python)
    Affected: 3.14.0 , < 3.14.4 (python)
    Affected: 3.15.0a1 , < 3.15.0a8 (python)
    Create a notification for this product.
    Credits
    Serhiy Storchaka
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3446",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-13T16:06:04.489473Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-345",
                    "description": "CWE-345 Insufficient Verification of Data Authenticity",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-13T16:07:24.229Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "base64"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.4",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0a8",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Serhiy Storchaka"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted which may be processed differently by other implementations. Use \"validate=True\" to enable stricter processing of base64 data."
                }
              ],
              "value": "When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted which may be processed differently by other implementations. Use \"validate=True\" to enable stricter processing of base64 data."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T18:26:41.904Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/145267"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/145264"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/F5ZT5ICGJ6CKXVUJ34YBVY7WOZ5SHG53/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/1f9958f909c1b41a4ffc0b613ef8ec8fa5e7c474"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/4561f6418a691b3e89aef0901f53fe0dfb7f7c0e"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/e31c55121620189a0d1a07b689762d8ca9c1b7fa"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Base64 decoding stops at first padded quad by default",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-3446",
        "datePublished": "2026-04-10T18:17:35.045Z",
        "dateReserved": "2026-03-02T16:15:14.567Z",
        "dateUpdated": "2026-04-13T16:07:24.229Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1502 (GCVE-0-2026-1502)

    Vulnerability from cvelistv5 – Published: 2026-04-10 17:54 – Updated: 2026-06-30 15:12
    VLAI
    Title
    HTTP client proxy tunnel headers not validated for CR/LF
    Summary
    CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.14 (python)
    Affected: 3.14.0a1 , < 3.14.5rc1 (python)
    Affected: 3.15.0a1 , < 3.15.0b1 (python)
    Create a notification for this product.
    Credits
    senseicat Seth Larson
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-11T04:39:26.099Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/11/4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1502",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-13T16:08:30.380828Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-93",
                    "description": "CWE-93 Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-10T20:05:37.267Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "http.client",
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.5rc1",
                  "status": "affected",
                  "version": "3.14.0a1",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0b1",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "senseicat"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Seth Larson"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "type": "text/html",
                  "value": "CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host."
                }
              ],
              "value": "CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T15:12:43.900Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/146212"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/146211"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/b1cf9016335cb637c5a425032e8274a224f4b2ed"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/9e071c9b28c17f347f81b388a003d4eeb3c7a8dd"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/c00c386faa579ad71196d33408644478488e43ec"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/56b7100b04e44ea27989242b176beb8f016b2c53"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/58703ec1bdd1eb075e8b01a0c427683ce594dd3e"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HTTP client proxy tunnel headers not validated for CR/LF",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-1502",
        "datePublished": "2026-04-10T17:54:44.121Z",
        "dateReserved": "2026-01-27T19:10:37.711Z",
        "dateUpdated": "2026-06-30T15:12:43.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5271 (GCVE-0-2026-5271)

    Vulnerability from cvelistv5 – Published: 2026-04-01 13:48 – Updated: 2026-04-01 23:12
    VLAI
    Title
    Possible to hijack modules in current working directory
    Summary
    pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory. As a result, if a user executes a pymanager-generated command (e.g., pip, pytest) from an attacker-controlled directory, a malicious module in that directory can be imported and executed instead of the intended package.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation pymanager Affected: 26.0 , < 26.1 (python)
    Create a notification for this product.
    Credits
    Steve Dower LAKSHMIKANTHAN K
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5271",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T17:58:52.079116Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-427",
                    "description": "CWE-427 Uncontrolled Search Path Element",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T17:58:58.338Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/python/pymanager/security/advisories/GHSA-jr5x-hgm4-rrm6"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-01T23:12:18.741Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/01/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "pymanager",
              "repo": "https://github.com/python/pymanager",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "26.1",
                  "status": "affected",
                  "version": "26.0",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Steve Dower"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "LAKSHMIKANTHAN K"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory.\u0026nbsp;As a result, if a user executes a pymanager-generated command (e.g., \u003ccode\u003epip\u003c/code\u003e, \u003ccode\u003epytest\u003c/code\u003e)\n from an attacker-controlled directory, a malicious module in that \ndirectory can be imported and executed instead of the intended package."
                }
              ],
              "value": "pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory.\u00a0As a result, if a user executes a pymanager-generated command (e.g., pip, pytest)\n from an attacker-controlled directory, a malicious module in that \ndirectory can be imported and executed instead of the intended package."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T15:38:55.523Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/python/pymanager/security/advisories/GHSA-jr5x-hgm4-rrm6"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible to hijack modules in current working directory",
          "x_generator": {
            "engine": "Vulnogram 0.6.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-5271",
        "datePublished": "2026-04-01T13:48:07.534Z",
        "dateReserved": "2026-03-31T20:02:35.393Z",
        "dateUpdated": "2026-04-01T23:12:18.741Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4519 (GCVE-0-2026-4519)

    Vulnerability from cvelistv5 – Published: 2026-03-20 15:08 – Updated: 2026-06-30 12:10
    VLAI
    Title
    webbrowser.open() allows leading dashes in URLs
    Summary
    The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
    Assigner
    PSF
    References
    URL Tags
    https://github.com/python/cpython/pull/143931 patch
    https://github.com/python/cpython/issues/143930 issue-tracking
    https://mail.python.org/archives/list/security-an… vendor-advisory
    https://github.com/python/cpython/commit/43fe06b9… patch
    https://github.com/python/cpython/commit/82a24a44… patch
    https://github.com/python/cpython/commit/9669a912… patch
    https://github.com/python/cpython/commit/ad4d5ba3… patch
    https://github.com/python/cpython/commit/ceac1efc… patch
    https://github.com/python/cpython/commit/cbba6119… patch
    https://github.com/python/cpython/commit/3681d47a… patch
    https://github.com/python/cpython/commit/591ed890… patch
    https://github.com/python/cpython/commit/594b5a05… patch
    https://github.com/python/cpython/commit/89bfb8e5… patch
    https://github.com/python/cpython/commit/96fc5048… patch
    https://github.com/python/cpython/commit/cc023511… patch
    http://www.openwall.com/lists/oss-security/2026/03/20/1
    https://access.redhat.com/security/cve/CVE-2026-4519 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2449649 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:10102 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9614 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9745 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13812 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7244 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6256 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19064 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19019 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6473 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6281 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6283 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9387 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9621 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9386 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9289 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9591 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9261 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9262 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9260 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10101 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9042 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10111 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9354 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9705 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7010 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6766 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6286 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6285 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19216 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19175 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19177 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19176 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25096 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7335 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19724 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19725 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16008 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8748 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8746 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16030 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8747 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16009 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16174 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7329 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10140 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10141 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6016 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6035 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7443 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7661 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21275 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10065 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.13 (python)
    Affected: 3.14.0 , < 3.14.4 (python)
    Affected: 3.15.0a1 , < 3.15.0a8 (python)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION)     cpe:/o:redhat:rhel_els:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)     cpe:/o:redhat:rhel_els:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server Optional (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Middleware Containers for OpenShift     cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v. 8.2)     cpe:/a:redhat:rhel_aus:8.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.4)     cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)     cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.6)     cpe:/a:redhat:rhel_aus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.6)     cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.6)     cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.8)     cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.8)     cpe:/a:redhat:rhel_tus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 8)     cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v. 8.2)     cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.4)     cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)     cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.6)     cpe:/o:redhat:rhel_aus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.6)     cpe:/o:redhat:rhel_e4s:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.6)     cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.8)     cpe:/o:redhat:rhel_e4s:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.8)     cpe:/o:redhat:rhel_tus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.0)     cpe:/o:redhat:rhel_e4s:9.0::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.2)     cpe:/o:redhat:rhel_e4s:9.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.4)     cpe:/o:redhat:rhel_eus:9.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.6)     cpe:/o:redhat:rhel_eus:9.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 9)     cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CRB (v. 8)     cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server 3.2     cpe:/a:redhat:ai_inference_server:3.2::el9
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server 3.3     cpe:/a:redhat:ai_inference_server:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Discovery 2     cpe:/a:redhat:discovery:2::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI 3.3     cpe:/a:redhat:enterprise_linux_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat Update Infrastructure 5     cpe:/a:redhat:rhui:5::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Credits
    Seth Larson Gregory P. Smith an7y
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-03-20T20:07:08.244Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/20/1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4519",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-25T14:30:47.809505Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-25T14:31:16.543Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhosemc:1.0::el8"
                ],
                "defaultStatus": "affected",
                "product": "Middleware Containers for OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.2::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.0::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.2::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CRB (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3.2::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AI Inference Server 3.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AI Inference Server 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:discovery:2::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Discovery 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AI 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhui:5::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Update Infrastructure 5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-20T15:08:32.576Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Python. The `webbrowser.open()` API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options, which could lead to unexpected behavior, information disclosure, or potentially arbitrary code execution, impacting the integrity of the system."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-88",
                    "description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:10:40.969Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-4519"
              },
              {
                "name": "RHBZ#2449649",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449649"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4519.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10102"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9614"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9745"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13812"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7244"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6256"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19064"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19019"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6473"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6281"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6283"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9387"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9621"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9386"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9289"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9591"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9261"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9262"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9260"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10101"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9042"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10111"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9354"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9705"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7010"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6766"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6286"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6285"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19216"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19175"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19177"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19176"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25096"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7335"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19724"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19725"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16008"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8748"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8746"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16030"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8747"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16009"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16174"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7329"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10140"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10141"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6016"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6035"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7443"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7661"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21275"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10065"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:10102: Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION), Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9614: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9745: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13812: Middleware Containers for OpenShift"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7244: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6256: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19064: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19019: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6473: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux BaseOS (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6281: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6283: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9387: Red Hat Enterprise Linux AppStream AUS (v. 8.2), Red Hat Enterprise Linux BaseOS AUS (v. 8.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9621: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4), Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9386: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6), Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9289: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8), Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9591: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9261: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9262: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9260: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10101: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9042: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10111: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9354: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9705: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7010: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6766: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6286: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6285: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19216: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19175: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19177: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19176: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25096: Red Hat AI Inference Server 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7335: Red Hat AI Inference Server 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19724: Red Hat AI Inference Server 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19725: Red Hat AI Inference Server 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16008: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8748: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8746: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16030: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8747: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16009: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16174: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7329: Red Hat Discovery 2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10140: Red Hat Enterprise Linux AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10141: Red Hat Enterprise Linux AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6016: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6035: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7443: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7661: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21275: Red Hat Update Infrastructure 5"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10065: Red Hat Update Infrastructure 5"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-20T16:02:13.494Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-20T15:08:32.576Z",
                "value": "Made public."
              }
            ],
            "title": "python: Python: Command-line option injection in webbrowser.open() via crafted URLs",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "webbrowser"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.4",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0a8",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Seth Larson"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Gregory P. Smith"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "an7y"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The webbrowser.open() API would accept leading dashes in the URL which \ncould be handled as command line options for certain web browsers. New \nbehavior rejects leading dashes. Users are recommended to sanitize URLs \nprior to passing to webbrowser.open()."
                }
              ],
              "value": "The webbrowser.open() API would accept leading dashes in the URL which \ncould be handled as command line options for certain web browsers. New \nbehavior rejects leading dashes. Users are recommended to sanitize URLs \nprior to passing to webbrowser.open()."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-13T21:47:40.137Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/143931"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/143930"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/9669a912a0e329c094e992204d6bdb8787024d76"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/ceac1efc66516ac387eef2c9a0ce671895b44f03"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/3681d47a440865aead912a054d4599087b4270dd"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/591ed890270c5697b013bf637029fb3e6cd2d73e"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/594b5a05dc9913880ac92eded440defbf32a28d1"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/89bfb8e5ed3c7caa241028f1a4eac5f6275a46a4"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/96fc5048605863c7b6fd6289643feb0e97edd96c"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/cc023511238ad93ecc8796157c6f9139a2bb2932"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "webbrowser.open() allows leading dashes in URLs",
          "x_generator": {
            "engine": "Vulnogram 0.6.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-4519",
        "datePublished": "2026-03-20T15:08:32.576Z",
        "dateReserved": "2026-03-20T15:01:11.126Z",
        "dateUpdated": "2026-06-30T12:10:40.969Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3479 (GCVE-0-2026-3479)

    Vulnerability from cvelistv5 – Published: 2026-03-18 18:13 – Updated: 2026-04-07 22:01 Disputed
    VLAI
    Title
    pkgutil.get_data() does not enforce documented restrictions
    Summary
    DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.13 (python)
    Affected: 3.14.0 , < 3.14.4 (python)
    Affected: 3.15.0a1 , < 3.15.0a8 (python)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3479",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-18T18:50:20.603616Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-18T18:50:41.609Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "pkgutil"
              ],
              "product": "CPython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.4",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0a8",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model.\u003c/p\u003e\u003cp\u003epkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.\u003c/p\u003e"
                }
              ],
              "value": "DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model.\n\npkgutil.get_data() did not validate the resource argument as documented, allowing path traversals."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "PHYSICAL",
                "baseScore": 0,
                "baseSeverity": "NONE",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T22:01:35.724Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/146122"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/WYLLVQOOCKGK73JM7Z7ZSNOJC4N7BAWY/"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/146121"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/bcdf231946b1da8bdfbab4c05539bb0cc964a1c7"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/5af6ce3e7b643a30a02d22245c1e3f4a8bc0a1fe"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/cf59bf76470f3d75ad47d80ffb8ce76b64b5e943"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/d786d59a8f7196bb630100a869f28ad13436b59c"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "tags": [
            "disputed"
          ],
          "title": "pkgutil.get_data() does not enforce documented restrictions",
          "x_generator": {
            "engine": "Vulnogram 0.6.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-3479",
        "datePublished": "2026-03-18T18:13:42.288Z",
        "dateReserved": "2026-03-03T14:18:35.394Z",
        "dateUpdated": "2026-04-07T22:01:35.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4224 (GCVE-0-2026-4224)

    Vulnerability from cvelistv5 – Published: 2026-03-16 17:52 – Updated: 2026-04-08 12:55
    VLAI
    Title
    Stack overflow parsing XML with deeply nested DTD content models
    Summary
    When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.13 (python)
    Affected: 3.14.0 , < 3.14.4 (python)
    Affected: 3.15.0a1 , < 3.15.0a8 (python)
    Create a notification for this product.
    Credits
    Gil Portnoy Stan Ulbrych Bénédikt Tran Stan Ulbrych
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4224",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T18:20:48.548008Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-674",
                    "description": "CWE-674 Uncontrolled Recursion",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T18:21:11.567Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-03-16T23:08:21.692Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/16/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.4",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0a8",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Gil Portnoy"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stan Ulbrych"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "B\u00e9n\u00e9dikt Tran"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Stan Ulbrych"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When an Expat parser with a registered ElementDeclHandler parses an inline\ndocument type definition containing a deeply nested content model a C stack\noverflow occurs."
                }
              ],
              "value": "When an Expat parser with a registered ElementDeclHandler parses an inline\ndocument type definition containing a deeply nested content model a C stack\noverflow occurs."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T12:55:03.693Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/145986"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/145987"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/642865ddf4b232da1f3b1f7abcfa3254c4bfe785"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/af856a7177326ac25d9f66cc6dd28b554d914fee"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stack overflow parsing XML with deeply nested DTD content models",
          "x_generator": {
            "engine": "Vulnogram 0.6.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-4224",
        "datePublished": "2026-03-16T17:52:26.639Z",
        "dateReserved": "2026-03-15T18:10:54.886Z",
        "dateUpdated": "2026-04-08T12:55:03.693Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3644 (GCVE-0-2026-3644)

    Vulnerability from cvelistv5 – Published: 2026-03-16 17:37 – Updated: 2026-06-30 15:11
    VLAI
    Title
    Incomplete control character validation in http.cookies
    Summary
    The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    • CWE-116 - Improper Encoding or Escaping of Output
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.13 (python)
    Affected: 3.14.0 , < 3.14.4 (python)
    Affected: 3.15.0a1 , < 3.15.0a8 (python)
    Create a notification for this product.
    Credits
    Stan Ulbrych Stan Ulbrych Victor Stinner Seth Larson Vyom Yadav
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3644",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T18:25:27.051552Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-116",
                    "description": "CWE-116 Improper Encoding or Escaping of Output",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T18:25:55.021Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "http.cookies"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.4",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0a8",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Stan Ulbrych"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stan Ulbrych"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Victor Stinner"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Seth Larson"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "Vyom Yadav"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output()."
                }
              ],
              "value": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output()."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T15:11:21.792Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/145599"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/145600"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/62ceb396fcbe69da1ded3702de586f4072b590dd"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/d16ecc6c3626f0e2cc8f08c309c83934e8a979dd"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/556aa098e738b127c714866f819b4abe2f7593d8"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/dae4b1a21f8df4570e30986affd61bbe4ade4cef"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Incomplete control character validation in http.cookies",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-3644",
        "datePublished": "2026-03-16T17:37:31.344Z",
        "dateReserved": "2026-03-06T16:13:09.289Z",
        "dateUpdated": "2026-06-30T15:11:21.792Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13462 (GCVE-0-2025-13462)

    Vulnerability from cvelistv5 – Published: 2026-03-12 17:59 – Updated: 2026-06-04 14:02
    VLAI
    Title
    tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling
    Summary
    The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    • CWE-20 - Improper Input Validation
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.13 (python)
    Affected: 3.14.0 , < 3.14.4 (python)
    Affected: 3.15.0a1 , < 3.15.0a8 (python)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13462",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-12T19:09:23.808172Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-434",
                    "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-74",
                    "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-12T19:09:51.230Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "tarfile"
              ],
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.4",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0a8",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The \"tarfile\" module would still apply normalization of AREGTYPE (\\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations."
                }
              ],
              "value": "The \"tarfile\" module would still apply normalization of AREGTYPE (\\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-04T14:02:48.304Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/143934"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/141707"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/EOMI5I66ZMKQ2INNFT6T7IAIKUGPZYIE/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/42d754e34c06e57ad6b8e7f92f32af679912d8ab"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/7ad3093d76a748af55bdb1d2e8aad3638163b017"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/ae99fe3a33b43e303a05f012815cef60b611a9c7"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/72dde1016493c52abe857fc4a7bf6c40138b4114"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/9a23b753552afa28e3a2f4d8863572fc66479406"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/d10950739a78f54d0718d88fb5a868374603c084"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2025-13462",
        "datePublished": "2026-03-12T17:59:26.620Z",
        "dateReserved": "2025-11-19T22:05:07.578Z",
        "dateUpdated": "2026-06-04T14:02:48.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2297 (GCVE-0-2026-2297)

    Vulnerability from cvelistv5 – Published: 2026-03-04 22:10 – Updated: 2026-05-01 15:13
    VLAI
    Title
    SourcelessFileLoader does not use io.open_code()
    Summary
    The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-668 - Exposure of Resource to Wrong Sphere
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Software Foundation CPython Affected: 0 , < 3.13.13 (python)
    Affected: 3.14.0 , < 3.14.4 (python)
    Affected: 3.15.0a1 , < 3.15.0a7 (python)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-03-05T18:35:25.713Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/05/6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2297",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-12T14:58:41.472003Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-668",
                    "description": "CWE-668 Exposure of Resource to Wrong Sphere",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-12T14:58:46.051Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPython",
              "repo": "https://github.com/python/cpython",
              "vendor": "Python Software Foundation",
              "versions": [
                {
                  "lessThan": "3.13.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.14.4",
                  "status": "affected",
                  "version": "3.14.0",
                  "versionType": "python"
                },
                {
                  "lessThan": "3.15.0a7",
                  "status": "affected",
                  "version": "3.15.0a1",
                  "versionType": "python"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The import hook in CPython that handles legacy \u003ccode\u003e*.pyc\u003c/code\u003e files (\u003ccode\u003eSourcelessFileLoader\u003c/code\u003e) is incorrectly handled in \u003ccode\u003eFileLoader\u003c/code\u003e (a base class) and so does not use \u003ccode\u003eio.open_code()\u003c/code\u003e to read the \u003ccode\u003e.pyc\u003c/code\u003e files. sys.audit handlers for this audit event therefore do not fire."
                }
              ],
              "value": "The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-01T15:13:05.340Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/python/cpython/issues/145506"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/pull/145507"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/69ddd9bb2cc4bd69b1565647c18659c6a789ccd9"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/python/cpython/commit/876858c9f65d9ab656c7fa639f268ce7856d89dd"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SourcelessFileLoader does not use io.open_code()",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-2297",
        "datePublished": "2026-03-04T22:10:43.297Z",
        "dateReserved": "2026-02-10T16:26:08.298Z",
        "dateUpdated": "2026-05-01T15:13:05.340Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1703 (GCVE-0-2026-1703)

    Vulnerability from cvelistv5 – Published: 2026-02-02 14:43 – Updated: 2026-02-02 17:21
    VLAI
    Title
    Limited path traversal when installing wheel archives
    Summary
    When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    PSF
    Impacted products
    Vendor Product Version
    Python Packaging Authority pip Affected: 0 , < 26.0 (python)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1703",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-02T17:21:09.808485Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-02T17:21:25.369Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pypi.org",
              "defaultStatus": "unaffected",
              "packageName": "pip",
              "product": "pip",
              "repo": "https://github.com/pypa/pip",
              "vendor": "Python Packaging Authority",
              "versions": [
                {
                  "lessThan": "26.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn\u0027t able to inject or overwrite executable files in typical situations."
                }
              ],
              "value": "When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn\u0027t able to inject or overwrite executable files in typical situations."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-02T14:45:44.871Z",
            "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
            "shortName": "PSF"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/pypa/pip/pull/13777"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/pypa/pip/commit/8e227a9be4faa9594e05d02ca05a413a2a4e7735"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/WIEA34D4TABF2UNQJAOMXKCICSPBE2DJ/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Limited path traversal when installing wheel archives",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "assignerShortName": "PSF",
        "cveId": "CVE-2026-1703",
        "datePublished": "2026-02-02T14:43:02.919Z",
        "dateReserved": "2026-01-30T15:17:22.133Z",
        "dateUpdated": "2026-02-02T17:21:25.369Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }