Action not permitted
Modal body text goes here.
Modal Title
Modal Body
alsa-2026:10950
Vulnerability from osv_almalinux
Published
2026-04-27 00:00
Modified
2026-04-28 13:40
Summary
Important: python3.12 security update
Details
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
- expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)
- python: Quadratic complexity in os.path.expandvars() with user-controlled template (CVE-2025-6075)
- cpython: Out-of-memory when loading Plist (CVE-2025-13837)
- cpython: Header injection via newlines in data URL mediatype in Python (CVE-2025-15282)
- cpython: Header injection in http.cookies.Morsel in Python (CVE-2026-0672)
- cpython: CPython: Logging Bypass in Legacy .pyc File Handling (CVE-2026-2297)
- cpython: Incomplete control character validation in http.cookies (CVE-2026-3644)
- cpython: Stack overflow parsing XML with deeply nested DTD content models (CVE-2026-4224)
- python: Python: HTTP header injection via CR/LF in proxy tunnel headers (CVE-2026-1502)
- python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100)
- python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3.12"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.12.13-2.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3.12-debug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.12.13-2.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3.12-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.12.13-2.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3.12-idle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.12.13-2.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3.12-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.12.13-2.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3.12-rpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.12.13-2.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3.12-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.12.13-2.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3.12-tkinter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.12.13-2.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. \n\nSecurity Fix(es): \n\n * expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)\n * python: Quadratic complexity in os.path.expandvars() with user-controlled template (CVE-2025-6075)\n * cpython: Out-of-memory when loading Plist (CVE-2025-13837)\n * cpython: Header injection via newlines in data URL mediatype in Python (CVE-2025-15282)\n * cpython: Header injection in http.cookies.Morsel in Python (CVE-2026-0672)\n * cpython: CPython: Logging Bypass in Legacy .pyc File Handling (CVE-2026-2297)\n * cpython: Incomplete control character validation in http.cookies (CVE-2026-3644)\n * cpython: Stack overflow parsing XML with deeply nested DTD content models (CVE-2026-4224)\n * python: Python: HTTP header injection via CR/LF in proxy tunnel headers (CVE-2026-1502)\n * python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100)\n * python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:10950",
"modified": "2026-04-28T13:40:19Z",
"published": "2026-04-27T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:10950"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-13837"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-15282"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-6075"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-0672"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-1502"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2297"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-3644"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-4224"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-4786"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6100"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2395108"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2408891"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2418084"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2431366"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2431374"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2444691"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2448168"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2448181"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2457409"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2457932"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2458049"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2026-10950.html"
}
],
"related": [
"CVE-2025-59375",
"CVE-2025-6075",
"CVE-2025-13837",
"CVE-2025-15282",
"CVE-2026-0672",
"CVE-2026-2297",
"CVE-2026-3644",
"CVE-2026-4224",
"CVE-2026-1502",
"CVE-2026-6100",
"CVE-2026-4786"
],
"summary": "Important: python3.12 security update"
}
CVE-2025-13837 (GCVE-0-2025-13837)
Vulnerability from cvelistv5 – Published: 2025-12-01 18:13 – Updated: 2026-03-03 14:41
VLAI?
EPSS
Title
Out-of-memory when loading Plist
Summary
When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues
Severity ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://github.com/python/cpython/pull/119343 | patch |
| https://github.com/python/cpython/issues/119342 | issue-tracking |
| https://github.com/python/cpython/commit/694922cf… | patch |
| https://github.com/python/cpython/commit/71fa8eb8… | patch |
| https://github.com/python/cpython/commit/b64441e4… | patch |
| https://mail.python.org/archives/list/security-an… | vendor-advisory |
| https://github.com/python/cpython/commit/5a8b1967… | patch |
| https://github.com/python/cpython/commit/568342cf… | patch |
| https://github.com/python/cpython/commit/cefee7d1… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.10.20
(python)
Affected: 3.11.0 , < 3.11.15 (python) Affected: 3.12.0 , < 3.12.13 (python) Affected: 3.13.0 , < 3.13.10 (python) Affected: 3.14.0 , < 3.14.1 (python) Affected: 3.15.0a1 , < 3.15.0a3 (python) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13837",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T18:23:28.615317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T15:16:47.344Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"plistlib"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.10.20",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.11.15",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.13",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.10",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.1",
"status": "affected",
"version": "3.14.0",
"versionType": "python"
},
{
"lessThan": "3.15.0a3",
"status": "affected",
"version": "3.15.0a1",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues"
}
],
"value": "When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 2.1,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T14:41:54.597Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/119343"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/119342"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-memory when loading Plist",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-13837",
"datePublished": "2025-12-01T18:13:32.739Z",
"dateReserved": "2025-12-01T17:54:41.439Z",
"dateUpdated": "2026-03-03T14:41:54.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15282 (GCVE-0-2025-15282)
Vulnerability from cvelistv5 – Published: 2026-01-20 21:35 – Updated: 2026-03-03 14:42
VLAI?
EPSS
Title
Header injection via newlines in data URL mediatype
Summary
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.
Severity ?
CWE
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://github.com/python/cpython/pull/143926 | patch |
| https://github.com/python/cpython/issues/143925 | issue-tracking |
| https://mail.python.org/archives/list/security-an… | vendor-advisory |
| https://github.com/python/cpython/commit/f25509e7… | patch |
| https://github.com/python/cpython/commit/05356b1c… | patch |
| https://github.com/python/cpython/commit/34d76b00… | patch |
| https://github.com/python/cpython/commit/3f396ca9… | patch |
| https://github.com/python/cpython/commit/4ed11d3c… | patch |
| https://github.com/python/cpython/commit/a35ca3be… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.10.20
(python)
Affected: 3.11.0 , < 3.11.15 (python) Affected: 3.12.0 , < 3.12.13 (python) Affected: 3.13.0 , < 3.13.12 (python) Affected: 3.14.0 , < 3.14.3 (python) Affected: 3.15.0a1 , < 3.15.0a6 (python) |
Credits
Omar M. Hasan
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15282",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-21T15:40:21.188269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T16:14:47.449Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"urllib"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.10.20",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.11.15",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.13",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.12",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.3",
"status": "affected",
"version": "3.14.0",
"versionType": "python"
},
{
"lessThan": "3.15.0a6",
"status": "affected",
"version": "3.15.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Omar M. Hasan"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype."
}
],
"value": "User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T14:42:00.488Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/143926"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/143925"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/05356b1cc153108aaf27f3b72ce438af4aa218c0"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/4ed11d3cd288e6b90196a15c5a825a45d318fe47"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/a35ca3be5842505dab74dc0b90b89cde0405017a"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Header injection via newlines in data URL mediatype",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-15282",
"datePublished": "2026-01-20T21:35:13.865Z",
"dateReserved": "2025-12-29T21:04:54.816Z",
"dateUpdated": "2026-03-03T14:42:00.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59375 (GCVE-0-2025-59375)
Vulnerability from cvelistv5 – Published: 2025-09-15 00:00 – Updated: 2026-05-12 12:08
VLAI?
EPSS
Summary
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
Severity ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| libexpat project | libexpat |
Affected:
0 , < 2.7.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59375",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T20:22:58.509715Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T20:23:08.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-05-01T14:25:12.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/16/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/01/5"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCH328",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM324",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM328",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM332",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRH334 (24 V DC, 8xFO, CC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (230 V AC, 12xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (230 V AC, 8xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (24 V DC, 12xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (24 V DC, 8xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (2x230 V AC, 12xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (2x230 V AC, 8xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:08:30.282Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-089022.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "libexpat",
"vendor": "libexpat project",
"versions": [
{
"lessThan": "2.7.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T13:21:47.961Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/libexpat/libexpat/issues/1018"
},
{
"url": "https://github.com/libexpat/libexpat/pull/1034"
},
{
"url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74"
},
{
"url": "https://issues.oss-fuzz.com/issues/439133977"
},
{
"url": "https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-59375",
"datePublished": "2025-09-15T00:00:00.000Z",
"dateReserved": "2025-09-15T00:00:00.000Z",
"dateUpdated": "2026-05-12T12:08:30.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6075 (GCVE-0-2025-6075)
Vulnerability from cvelistv5 – Published: 2025-10-31 16:41 – Updated: 2026-03-03 14:43
VLAI?
EPSS
Title
Quadratic complexity in os.path.expandvars() with user-controlled template
Summary
If the value passed to os.path.expandvars() is user-controlled a
performance degradation is possible when expanding environment
variables.
Severity ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://github.com/python/cpython/issues/136065 | issue-tracking |
| https://mail.python.org/archives/list/security-an… | vendor-advisory |
| https://github.com/python/cpython/commit/2e6150ad… | patch |
| https://github.com/python/cpython/commit/631ba340… | patch |
| https://github.com/python/cpython/commit/892747b4… | patch |
| https://github.com/python/cpython/commit/9ab89c02… | patch |
| https://github.com/python/cpython/commit/c8a5f343… | patch |
| https://github.com/python/cpython/commit/f029e8db… | patch |
| https://github.com/python/cpython/commit/5dceb934… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.10.20
(python)
Affected: 3.11.0 , < 3.11.15 (python) Affected: 3.12.0 , < 3.12.13 (python) Affected: 3.13.0 , < 3.13.10 (python) Affected: 3.14.0 , < 3.14.1 (python) Affected: 3.15.0a1 , < 3.15.0a2 (python) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6075",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T17:54:46.289107Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T17:55:40.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.10.20",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.11.15",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.13",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.10",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.1",
"status": "affected",
"version": "3.14.0",
"versionType": "python"
},
{
"lessThan": "3.15.0a2",
"status": "affected",
"version": "3.15.0a1",
"versionType": "python"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.14.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eIf the value passed to os.path.expandvars() is user-controlled a \nperformance degradation is possible when expanding environment \nvariables.\u003c/div\u003e"
}
],
"value": "If the value passed to os.path.expandvars() is user-controlled a \nperformance degradation is possible when expanding environment \nvariables."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 1.8,
"baseSeverity": "LOW",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T14:43:01.737Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/136065"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/892747b4cf0f95ba8beb51c0d0658bfaa381ebca"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9ab89c026aa9611c4b0b67c288b8303a480fe742"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/c8a5f3435c342964e0a432cc9fb448b7dbecd1ba"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/f029e8db626ddc6e3a3beea4eff511a71aaceb5c"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/5dceb93486176e6b4a6d9754491005113eb23427"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Quadratic complexity in os.path.expandvars() with user-controlled template",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-6075",
"datePublished": "2025-10-31T16:41:34.983Z",
"dateReserved": "2025-06-13T15:05:20.139Z",
"dateUpdated": "2026-03-03T14:43:01.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0672 (GCVE-0-2026-0672)
Vulnerability from cvelistv5 – Published: 2026-01-20 21:52 – Updated: 2026-03-03 14:43
VLAI?
EPSS
Title
Header injection in http.cookies.Morsel
Summary
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.
Severity ?
CWE
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://github.com/python/cpython/pull/143920 | patch |
| https://github.com/python/cpython/issues/143919 | issue-tracking |
| https://mail.python.org/archives/list/security-an… | vendor-advisory |
| https://github.com/python/cpython/commit/95746b3a… | patch |
| https://github.com/python/cpython/commit/712452e6… | patch |
| https://github.com/python/cpython/commit/62700107… | patch |
| https://github.com/python/cpython/commit/7852d72b… | patch |
| https://github.com/python/cpython/commit/918387e4… | patch |
| https://github.com/python/cpython/commit/b1869ff6… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.10.20
(python)
Affected: 3.11.0 , < 3.11.15 (python) Affected: 3.12.0 , < 3.12.13 (python) Affected: 3.13.0 , < 3.13.12 (python) Affected: 3.14.0 , < 3.14.3 (python) Affected: 3.15.0a1 , < 3.15.0a6 (python) |
Credits
Omar M. Hasan
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0672",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-21T15:40:11.672802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T16:14:06.341Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"http.cookies"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.10.20",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.11.15",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.13",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.12",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.3",
"status": "affected",
"version": "3.14.0",
"versionType": "python"
},
{
"lessThan": "3.15.0a6",
"status": "affected",
"version": "3.15.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Omar M. Hasan"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters."
}
],
"value": "When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T14:43:20.490Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/143920"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/143919"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/712452e6f1d4b9f7f8c4c92ebfcaac1705faa440"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/62700107418eb2cca3fc88da036a243ea975f172"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Header injection in http.cookies.Morsel",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2026-0672",
"datePublished": "2026-01-20T21:52:33.925Z",
"dateReserved": "2026-01-07T17:08:45.326Z",
"dateUpdated": "2026-03-03T14:43:20.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1502 (GCVE-0-2026-1502)
Vulnerability from cvelistv5 – Published: 2026-04-10 17:54 – Updated: 2026-05-12 13:24
VLAI?
EPSS
Title
HTTP client proxy tunnel headers not validated for CR/LF
Summary
CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.
Severity ?
CWE
- CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/python/cpython/pull/146212 | patch |
| https://github.com/python/cpython/issues/146211 | issue-tracking |
| https://mail.python.org/archives/list/security-an… | vendor-advisory |
| https://github.com/python/cpython/commit/05ed7ce7… | patch |
| https://github.com/python/cpython/commit/b1cf9016… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.14.5rc1
(python)
Affected: 3.15.0a1 , < 3.15.0b1 (python) |
Credits
senseicat
Seth Larson
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-04-11T04:39:26.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/04/11/4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T16:08:30.380828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93 Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-10T20:05:37.267Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "http.client",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.14.5rc1",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.15.0b1",
"status": "affected",
"version": "3.15.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "senseicat"
},
{
"lang": "en",
"type": "coordinator",
"value": "Seth Larson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"type": "text/html",
"value": "CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host."
}
],
"value": "CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T13:24:35.847Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/146212"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/146211"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/b1cf9016335cb637c5a425032e8274a224f4b2ed"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HTTP client proxy tunnel headers not validated for CR/LF",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2026-1502",
"datePublished": "2026-04-10T17:54:44.121Z",
"dateReserved": "2026-01-27T19:10:37.711Z",
"dateUpdated": "2026-05-12T13:24:35.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2297 (GCVE-0-2026-2297)
Vulnerability from cvelistv5 – Published: 2026-03-04 22:10 – Updated: 2026-05-01 15:13
VLAI?
EPSS
Title
SourcelessFileLoader does not use io.open_code()
Summary
The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.
Severity ?
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/python/cpython/issues/145506 | issue-tracking |
| https://github.com/python/cpython/pull/145507 | patch |
| https://github.com/python/cpython/commit/482d6f8b… | patch |
| https://github.com/python/cpython/commit/a51b1b51… | patch |
| https://github.com/python/cpython/commit/e58e9802… | patch |
| https://github.com/python/cpython/commit/69ddd9bb… | patch |
| https://github.com/python/cpython/commit/876858c9… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.13.13
(python)
Affected: 3.14.0 , < 3.14.4 (python) Affected: 3.15.0a1 , < 3.15.0a7 (python) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-03-05T18:35:25.713Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/05/6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2297",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T14:58:41.472003Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T14:58:46.051Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.13.13",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.14.4",
"status": "affected",
"version": "3.14.0",
"versionType": "python"
},
{
"lessThan": "3.15.0a7",
"status": "affected",
"version": "3.15.0a1",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The import hook in CPython that handles legacy \u003ccode\u003e*.pyc\u003c/code\u003e files (\u003ccode\u003eSourcelessFileLoader\u003c/code\u003e) is incorrectly handled in \u003ccode\u003eFileLoader\u003c/code\u003e (a base class) and so does not use \u003ccode\u003eio.open_code()\u003c/code\u003e to read the \u003ccode\u003e.pyc\u003c/code\u003e files. sys.audit handlers for this audit event therefore do not fire."
}
],
"value": "The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T15:13:05.340Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/145506"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/145507"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/69ddd9bb2cc4bd69b1565647c18659c6a789ccd9"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/876858c9f65d9ab656c7fa639f268ce7856d89dd"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SourcelessFileLoader does not use io.open_code()",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2026-2297",
"datePublished": "2026-03-04T22:10:43.297Z",
"dateReserved": "2026-02-10T16:26:08.298Z",
"dateUpdated": "2026-05-01T15:13:05.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3644 (GCVE-0-2026-3644)
Vulnerability from cvelistv5 – Published: 2026-03-16 17:37 – Updated: 2026-04-07 22:01
VLAI?
EPSS
Title
Incomplete control character validation in http.cookies
Summary
The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().
Severity ?
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://mail.python.org/archives/list/security-an… | vendor-advisory |
| https://github.com/python/cpython/commit/57e88c1c… | patch |
| https://github.com/python/cpython/issues/145599 | issue-tracking |
| https://github.com/python/cpython/pull/145600 | patch |
| https://github.com/python/cpython/commit/62ceb396… | patch |
| https://github.com/python/cpython/commit/d16ecc6c… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.13.13
(python)
Affected: 3.14.0 , < 3.14.4 (python) Affected: 3.15.0a1 , < 3.15.0a8 (python) |
Credits
Stan Ulbrych
Stan Ulbrych
Victor Stinner
Seth Larson
Vyom Yadav
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3644",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T18:25:27.051552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T18:25:55.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"http.cookies"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.13.13",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.14.4",
"status": "affected",
"version": "3.14.0",
"versionType": "python"
},
{
"lessThan": "3.15.0a8",
"status": "affected",
"version": "3.15.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "coordinator",
"value": "Stan Ulbrych"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Stan Ulbrych"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Victor Stinner"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Seth Larson"
},
{
"lang": "en",
"type": "reporter",
"value": "Vyom Yadav"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output()."
}
],
"value": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output()."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T22:01:41.034Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/145599"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/145600"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/62ceb396fcbe69da1ded3702de586f4072b590dd"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/d16ecc6c3626f0e2cc8f08c309c83934e8a979dd"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incomplete control character validation in http.cookies",
"x_generator": {
"engine": "Vulnogram 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2026-3644",
"datePublished": "2026-03-16T17:37:31.344Z",
"dateReserved": "2026-03-06T16:13:09.289Z",
"dateUpdated": "2026-04-07T22:01:41.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4224 (GCVE-0-2026-4224)
Vulnerability from cvelistv5 – Published: 2026-03-16 17:52 – Updated: 2026-04-08 12:55
VLAI?
EPSS
Title
Stack overflow parsing XML with deeply nested DTD content models
Summary
When an Expat parser with a registered ElementDeclHandler parses an inline
document type definition containing a deeply nested content model a C stack
overflow occurs.
Severity ?
CWE
- CWE-674 - Uncontrolled Recursion
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://github.com/python/cpython/commit/eb0e8be3… | patch |
| https://mail.python.org/archives/list/security-an… | vendor-advisory |
| https://github.com/python/cpython/issues/145986 | issue-tracking |
| https://github.com/python/cpython/pull/145987 | patch |
| https://github.com/python/cpython/commit/196edfb0… | patch |
| https://github.com/python/cpython/commit/e0a8a6da… | patch |
| https://github.com/python/cpython/commit/642865dd… | patch |
| https://github.com/python/cpython/commit/af856a71… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.13.13
(python)
Affected: 3.14.0 , < 3.14.4 (python) Affected: 3.15.0a1 , < 3.15.0a8 (python) |
Credits
Gil Portnoy
Stan Ulbrych
Bénédikt Tran
Stan Ulbrych
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4224",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T18:20:48.548008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674 Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T18:21:11.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-03-16T23:08:21.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/16/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.13.13",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.14.4",
"status": "affected",
"version": "3.14.0",
"versionType": "python"
},
{
"lessThan": "3.15.0a8",
"status": "affected",
"version": "3.15.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Gil Portnoy"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Stan Ulbrych"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "B\u00e9n\u00e9dikt Tran"
},
{
"lang": "en",
"type": "coordinator",
"value": "Stan Ulbrych"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When an Expat parser with a registered ElementDeclHandler parses an inline\ndocument type definition containing a deeply nested content model a C stack\noverflow occurs."
}
],
"value": "When an Expat parser with a registered ElementDeclHandler parses an inline\ndocument type definition containing a deeply nested content model a C stack\noverflow occurs."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T12:55:03.693Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/145986"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/145987"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/642865ddf4b232da1f3b1f7abcfa3254c4bfe785"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/af856a7177326ac25d9f66cc6dd28b554d914fee"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stack overflow parsing XML with deeply nested DTD content models",
"x_generator": {
"engine": "Vulnogram 0.6.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2026-4224",
"datePublished": "2026-03-16T17:52:26.639Z",
"dateReserved": "2026-03-15T18:10:54.886Z",
"dateUpdated": "2026-04-08T12:55:03.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4786 (GCVE-0-2026-4786)
Vulnerability from cvelistv5 – Published: 2026-04-13 21:52 – Updated: 2026-04-29 15:30
VLAI?
EPSS
Title
Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
Summary
Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.
Severity ?
CWE
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://github.com/python/cpython/pull/148170 | patch |
| https://github.com/python/cpython/issues/148169 | issue-tracking |
| https://mail.python.org/archives/list/security-an… | vendor-advisory |
| https://github.com/python/cpython/commit/c5767a72… | patch |
| https://github.com/python/cpython/commit/d22922c8… | patch |
| https://github.com/python/cpython/commit/f4654824… | patch |
| https://github.com/python/cpython/commit/28b4ad38… | patch |
| https://github.com/python/cpython/commit/d6d68494… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.15.0
(python)
|
Credits
an7y
Seth Larson
Stan Ulbrych
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4786",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T13:43:47.712946Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T13:43:54.704Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.15.0",
"status": "affected",
"version": "0",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "an7y"
},
{
"lang": "en",
"type": "coordinator",
"value": "Seth Larson"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Stan Ulbrych"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"type": "text/html",
"value": "Mitgation of\u0026nbsp;CVE-2026-4519 was incomplete. If the URL contained \"%action\" the mitigation could be bypassed for certain browser types the \"webbrowser.open()\" API could have commands injected into the underlying shell. See\u0026nbsp;CVE-2026-4519 for details."
}
],
"value": "Mitgation of\u00a0CVE-2026-4519 was incomplete. If the URL contained \"%action\" the mitigation could be bypassed for certain browser types the \"webbrowser.open()\" API could have commands injected into the underlying shell. See\u00a0CVE-2026-4519 for details."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T15:30:58.707Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/148170"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/148169"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/c5767a72838a8dda9d6dc5d3558075b055c56bca"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/d22922c8a7958353689dc4763dd72da2dea03fff"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/f4654824ae0850ac87227fb270f9057477946769"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/28b4ad38067bbdad34edfcd03ad2de5f06387e53"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/d6d68494be70bdbda20f89f83801ba52ec37daa4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2026-4786",
"datePublished": "2026-04-13T21:52:19.036Z",
"dateReserved": "2026-03-24T19:25:48.269Z",
"dateUpdated": "2026-04-29T15:30:58.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…