Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-6100 (GCVE-0-2026-6100)
Vulnerability from cvelistv5 – Published: 2026-04-13 17:15 – Updated: 2026-04-14 14:30
VLAI?
EPSS
Title
Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure
Summary
Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.
The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.
Severity ?
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.15.0
(python)
|
Credits
Ryan Hileman
Stan Ulbrych
Seth Larson
Stan Ulbrych
Ryan Hileman
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6100",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T19:21:03.412763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T19:21:10.878Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-04-13T19:29:27.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/04/13/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.15.0",
"status": "affected",
"version": "0",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Ryan Hileman"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Stan Ulbrych"
},
{
"lang": "en",
"type": "coordinator",
"value": "Seth Larson"
},
{
"lang": "en",
"type": "finder",
"value": "Stan Ulbrych"
},
{
"lang": "en",
"type": "finder",
"value": "Ryan Hileman"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.\u003cbr\u003e\u003cbr\u003eThe vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable."
}
],
"value": "Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.\n\nThe vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use after free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T14:30:25.622Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/148396"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/148395"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/47128e64f98c3a20271138a98c2922bea2a3ee0e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/e20c6c9667c99ecaab96e1a2b3767082841ffc8b"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure",
"x_generator": {
"engine": "Vulnogram 0.6.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2026-6100",
"datePublished": "2026-04-13T17:15:47.606Z",
"dateReserved": "2026-04-10T21:13:45.428Z",
"dateUpdated": "2026-04-14T14:30:25.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-6100",
"date": "2026-04-24",
"epss": "0.00151",
"percentile": "0.35375"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-6100\",\"sourceIdentifier\":\"cna@python.org\",\"published\":\"2026-04-13T18:16:31.297\",\"lastModified\":\"2026-04-17T15:18:16.507\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.\\n\\nThe vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@python.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"cna@python.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"references\":[{\"url\":\"https://github.com/python/cpython/commit/47128e64f98c3a20271138a98c2922bea2a3ee0e\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/e20c6c9667c99ecaab96e1a2b3767082841ffc8b\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/issues/148395\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/pull/148396\",\"source\":\"cna@python.org\"},{\"url\":\"https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/\",\"source\":\"cna@python.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/04/13/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/04/13/10\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-04-13T19:29:27.322Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-6100\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-13T19:21:03.412763Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-13T19:21:07.815Z\"}}], \"cna\": {\"title\": \"Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Ryan Hileman\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Stan Ulbrych\"}, {\"lang\": \"en\", \"type\": \"coordinator\", \"value\": \"Seth Larson\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Stan Ulbrych\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Ryan Hileman\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/python/cpython\", \"vendor\": \"Python Software Foundation\", \"product\": \"CPython\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.15.0\", \"versionType\": \"python\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/python/cpython/pull/148396\", \"tags\": [\"patch\"]}, {\"url\": \"https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/python/cpython/issues/148395\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/47128e64f98c3a20271138a98c2922bea2a3ee0e\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/e20c6c9667c99ecaab96e1a2b3767082841ffc8b\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.6.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.\\n\\nThe vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.\u003cbr\u003e\u003cbr\u003eThe vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use after free\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds write\"}]}], \"providerMetadata\": {\"orgId\": \"28c92f92-d60d-412d-b760-e73465c3df22\", \"shortName\": \"PSF\", \"dateUpdated\": \"2026-04-14T14:30:25.622Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-6100\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-14T14:30:25.622Z\", \"dateReserved\": \"2026-04-10T21:13:45.428Z\", \"assignerOrgId\": \"28c92f92-d60d-412d-b760-e73465c3df22\", \"datePublished\": \"2026-04-13T17:15:47.606Z\", \"assignerShortName\": \"PSF\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
MSRC_CVE-2026-6100
Vulnerability from csaf_microsoft - Published: 2026-04-02 00:00 - Updated: 2026-04-20 14:39Summary
Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
CWE-416
- Use After Free
None Available
There is no fix available for this vulnerability as of now
References
| URL | Category | |
|---|---|---|
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-6100.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure",
"tracking": {
"current_release_date": "2026-04-20T14:39:35.000Z",
"generator": {
"date": "2026-04-21T07:19:27.490Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-6100",
"initial_release_date": "2026-04-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-04-19T01:01:45.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-04-20T14:39:35.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "azl3 python3 3.12.9-10",
"product": {
"name": "azl3 python3 3.12.9-10",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "python3"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python3 3.12.9-10 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6100",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "general",
"text": "PSF",
"title": "Assigning CNA"
}
],
"product_status": {
"known_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-6100.json"
}
],
"remediations": [
{
"category": "none_available",
"date": "2026-04-19T01:01:45.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-1"
]
}
],
"title": "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure"
}
]
}
RHSA-2026:10117
Vulnerability from csaf_redhat - Published: 2026-04-23 11:30 - Updated: 2026-04-23 14:47Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:
python3.13:
* python3.13-3.13.13-1.1.hum1 (aarch64, x86_64)
* python3.13-debug-3.13.13-1.1.hum1 (aarch64, x86_64)
* python3.13-devel-3.13.13-1.1.hum1 (aarch64, x86_64)
* python3.13-freethreading-3.13.13-1.1.hum1 (aarch64, x86_64)
* python3.13-freethreading-debug-3.13.13-1.1.hum1 (aarch64, x86_64)
* python3.13-idle-3.13.13-1.1.hum1 (aarch64, x86_64)
* python3.13-libs-3.13.13-1.1.hum1 (aarch64, x86_64)
* python3.13-test-3.13.13-1.1.hum1 (aarch64, x86_64)
* python3.13-tkinter-3.13.13-1.1.hum1 (aarch64, x86_64)
* python3.13-3.13.13-1.1.hum1.src (src)
Security Fix(es):
python3.13:
* CVE-2026-1502
* CVE-2026-4786
* CVE-2026-6100
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters (carriage return and line feed) from being included in HTTP client proxy tunnel headers or host fields.
4.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:10117
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution.
7.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:10117
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in Python's decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.
8.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:10117
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\npython3.13:\n * python3.13-3.13.13-1.1.hum1 (aarch64, x86_64)\n * python3.13-debug-3.13.13-1.1.hum1 (aarch64, x86_64)\n * python3.13-devel-3.13.13-1.1.hum1 (aarch64, x86_64)\n * python3.13-freethreading-3.13.13-1.1.hum1 (aarch64, x86_64)\n * python3.13-freethreading-debug-3.13.13-1.1.hum1 (aarch64, x86_64)\n * python3.13-idle-3.13.13-1.1.hum1 (aarch64, x86_64)\n * python3.13-libs-3.13.13-1.1.hum1 (aarch64, x86_64)\n * python3.13-test-3.13.13-1.1.hum1 (aarch64, x86_64)\n * python3.13-tkinter-3.13.13-1.1.hum1 (aarch64, x86_64)\n * python3.13-3.13.13-1.1.hum1.src (src)\n\nSecurity Fix(es):\n\npython3.13:\n * CVE-2026-1502\n * CVE-2026-4786\n * CVE-2026-6100",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:10117",
"url": "https://access.redhat.com/errata/RHSA-2026:10117"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1502",
"url": "https://access.redhat.com/security/cve/CVE-2026-1502"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4786",
"url": "https://access.redhat.com/security/cve/CVE-2026-4786"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6100",
"url": "https://access.redhat.com/security/cve/CVE-2026-6100"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_10117.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update",
"tracking": {
"current_release_date": "2026-04-23T14:47:28+00:00",
"generator": {
"date": "2026-04-23T14:47:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2026:10117",
"initial_release_date": "2026-04-23T11:30:45+00:00",
"revision_history": [
{
"date": "2026-04-23T11:30:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-23T11:31:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-23T14:47:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-13-main@aarch64",
"product": {
"name": "python3-13-main@aarch64",
"product_id": "python3-13-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.13@3.13.13-1.1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-13-main@src",
"product": {
"name": "python3-13-main@src",
"product_id": "python3-13-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.13@3.13.13-1.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-13-main@x86_64",
"product": {
"name": "python3-13-main@x86_64",
"product_id": "python3-13-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.13@3.13.13-1.1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-13-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:python3-13-main@aarch64"
},
"product_reference": "python3-13-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-13-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:python3-13-main@src"
},
"product_reference": "python3-13-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-13-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:python3-13-main@x86_64"
},
"product_reference": "python3-13-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1502",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-04-10T19:01:07.715197+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457409"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters (carriage return and line feed) from being included in HTTP client proxy tunnel headers or host fields.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Python: HTTP header injection via CR/LF in proxy tunnel headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-13-main@aarch64",
"Red Hat Hardened Images:python3-13-main@src",
"Red Hat Hardened Images:python3-13-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1502"
},
{
"category": "external",
"summary": "RHBZ#2457409",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457409"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1502",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1502"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1502",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1502"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69",
"url": "https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/146211",
"url": "https://github.com/python/cpython/issues/146211"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/146212",
"url": "https://github.com/python/cpython/pull/146212"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/"
}
],
"release_date": "2026-04-10T17:54:44.121000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T11:30:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-13-main@aarch64",
"Red Hat Hardened Images:python3-13-main@src",
"Red Hat Hardened Images:python3-13-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10117"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-13-main@aarch64",
"Red Hat Hardened Images:python3-13-main@src",
"Red Hat Hardened Images:python3-13-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-13-main@aarch64",
"Red Hat Hardened Images:python3-13-main@src",
"Red Hat Hardened Images:python3-13-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: Python: HTTP header injection via CR/LF in proxy tunnel headers"
},
{
"cve": "CVE-2026-4786",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-04-13T22:01:38.006388+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458049"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing \"%action\" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in the Python `webbrowser.open()` API allows for command injection and arbitrary code execution when processing specially crafted URLs containing \"%action\". This bypasses a previous mitigation for CVE-2026-4519.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-13-main@aarch64",
"Red Hat Hardened Images:python3-13-main@src",
"Red Hat Hardened Images:python3-13-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4786"
},
{
"category": "external",
"summary": "RHBZ#2458049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4786"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4786",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4786"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/148169",
"url": "https://github.com/python/cpython/issues/148169"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/148170",
"url": "https://github.com/python/cpython/pull/148170"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/"
}
],
"release_date": "2026-04-13T21:52:19.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T11:30:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-13-main@aarch64",
"Red Hat Hardened Images:python3-13-main@src",
"Red Hat Hardened Images:python3-13-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10117"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-13-main@aarch64",
"Red Hat Hardened Images:python3-13-main@src",
"Red Hat Hardened Images:python3-13-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-13-main@aarch64",
"Red Hat Hardened Images:python3-13-main@src",
"Red Hat Hardened Images:python3-13-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API"
},
{
"cve": "CVE-2026-6100",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-04-13T18:01:31.970255+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457932"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Python\u0027s decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this flaw is somewhat mitigated on Red Hat platforms. By default processes are not executed with root user privilege and are limited in their scope which in turn limits the impact of this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-13-main@aarch64",
"Red Hat Hardened Images:python3-13-main@src",
"Red Hat Hardened Images:python3-13-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6100"
},
{
"category": "external",
"summary": "RHBZ#2457932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6100",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6100"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6100",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6100"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d",
"url": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2",
"url": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20",
"url": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/148395",
"url": "https://github.com/python/cpython/issues/148395"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/148396",
"url": "https://github.com/python/cpython/pull/148396"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/"
}
],
"release_date": "2026-04-13T17:15:47.606000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T11:30:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-13-main@aarch64",
"Red Hat Hardened Images:python3-13-main@src",
"Red Hat Hardened Images:python3-13-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10117"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-13-main@aarch64",
"Red Hat Hardened Images:python3-13-main@src",
"Red Hat Hardened Images:python3-13-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-13-main@aarch64",
"Red Hat Hardened Images:python3-13-main@src",
"Red Hat Hardened Images:python3-13-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules"
}
]
}
RHSA-2026:8824
Vulnerability from csaf_redhat - Published: 2026-04-17 19:24 - Updated: 2026-04-23 23:44Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:
python3.12:
* python3.12-3.12.13-3.hum1 (aarch64, x86_64)
* python3.12-debug-3.12.13-3.hum1 (aarch64, x86_64)
* python3.12-devel-3.12.13-3.hum1 (aarch64, x86_64)
* python3.12-idle-3.12.13-3.hum1 (aarch64, x86_64)
* python3.12-libs-3.12.13-3.hum1 (aarch64, x86_64)
* python3.12-test-3.12.13-3.hum1 (aarch64, x86_64)
* python3.12-tkinter-3.12.13-3.hum1 (aarch64, x86_64)
* python3.12-3.12.13-3.hum1.src (src)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.
4.0 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8824
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A zip file handling flaw has been discovered in the python standard library `zipfile` module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8824
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Missing character filtering has been discovered in Python. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.
4.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8824
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in `xml.dom.minidom` methods, such as `appendChild()`, when building excessively nested documents due to a dependency on `_clear_id_cache()`
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8824
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in the http.client module in the Python standard library. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This issue allows a malicious server to cause the client to read large amounts of data into memory, potentially causing memory allocations errors, swapping, out-of-memory conditions or even system freezes.
6.8 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8824
Workaround
Since this vulnerability is triggered when no read amount is specified and the client defaults to using the potentially malicious Content-Length header, developers can mitigate this issue in their code by always imposing an explicit, safe limit on data reads.
Applications using the http.client.HTTPResponse.read function directly can ensure that read operations specify a byte limit:
~~~
...
max_safe_read = 10 * 1024 * 1024
data = response.read(max_safe_read)
...
~~~
A flaw was found in the plistlib module in the Python standard library. The amount of data to read from a Plist file is specified in the file itself. This issue allows a specially crafted Plist file to cause an application to allocate a large amount of memory, potentially resulting in allocations errors, swapping, out-of-memory conditions or even system freezes.
5.9 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8824
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Missing newline filtering has been discovered in Python. User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.
4.8 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8824
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server.
7.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8824
Workaround
To mitigate this vulnerability, ensure that no data passed to the imaplib module contains newline or carriage return characters.
A flaw was found in the poplib module in the Python standard library. The poplib module does not reject control characters, such as newlines, in user-controlled input passed to POP3 commands. This issue allows an attacker to inject additional commands to be executed in the POP3 server.
7.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8824
Workaround
To mitigate this vulnerability, ensure that no data passed to the poplib module contains newline or carriage return characters.
Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers.
4.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8824
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules, allowing an attacker to inject email headers and potentially modify message recipients or the email body, and spoof sender information.
7.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8824
Workaround
To mitigate this issue, applications accepting user-supplied data for email headers should sanitize the input by stripping or rejecting any strings containing carriage return or line feed characters, '\r' or '\n', respectively, preventing malicious sequences that could lead to header manipulation.
A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters (carriage return and line feed) from being included in HTTP client proxy tunnel headers or host fields.
4.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8824
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files (.pyc), does not properly trigger system audit events. This oversight could enable malicious activities to go undetected, compromising the integrity of the system.
CWE-778 - Insufficient Logging
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8824
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update(), |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().
5.4 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8824
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash.
5.9 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8824
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution.
7.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8824
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in Python. A malicious Python process could exploit the "profiling.sampling" module and "asyncio introspection capabilities" to read and write memory addresses within a privileged process. This vulnerability occurs when the privileged process connects to the malicious process via its remote debugging feature, potentially leading to information disclosure and arbitrary code execution. Successful exploitation requires repeated connections, which may cause instability in the connecting process.
6.0 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8824
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in Python's decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.
8.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8824
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\npython3.12:\n * python3.12-3.12.13-3.hum1 (aarch64, x86_64)\n * python3.12-debug-3.12.13-3.hum1 (aarch64, x86_64)\n * python3.12-devel-3.12.13-3.hum1 (aarch64, x86_64)\n * python3.12-idle-3.12.13-3.hum1 (aarch64, x86_64)\n * python3.12-libs-3.12.13-3.hum1 (aarch64, x86_64)\n * python3.12-test-3.12.13-3.hum1 (aarch64, x86_64)\n * python3.12-tkinter-3.12.13-3.hum1 (aarch64, x86_64)\n * python3.12-3.12.13-3.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:8824",
"url": "https://access.redhat.com/errata/RHSA-2026:8824"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-5713",
"url": "https://access.redhat.com/security/cve/CVE-2026-5713"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1299",
"url": "https://access.redhat.com/security/cve/CVE-2026-1299"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-0865",
"url": "https://access.redhat.com/security/cve/CVE-2026-0865"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6075",
"url": "https://access.redhat.com/security/cve/CVE-2025-6075"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13837",
"url": "https://access.redhat.com/security/cve/CVE-2025-13837"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13836",
"url": "https://access.redhat.com/security/cve/CVE-2025-13836"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-11468",
"url": "https://access.redhat.com/security/cve/CVE-2025-11468"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8291",
"url": "https://access.redhat.com/security/cve/CVE-2025-8291"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12084",
"url": "https://access.redhat.com/security/cve/CVE-2025-12084"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15282",
"url": "https://access.redhat.com/security/cve/CVE-2025-15282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15367",
"url": "https://access.redhat.com/security/cve/CVE-2025-15367"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4786",
"url": "https://access.redhat.com/security/cve/CVE-2026-4786"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4224",
"url": "https://access.redhat.com/security/cve/CVE-2026-4224"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-3644",
"url": "https://access.redhat.com/security/cve/CVE-2026-3644"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6100",
"url": "https://access.redhat.com/security/cve/CVE-2026-6100"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1502",
"url": "https://access.redhat.com/security/cve/CVE-2026-1502"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2297",
"url": "https://access.redhat.com/security/cve/CVE-2026-2297"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15366",
"url": "https://access.redhat.com/security/cve/CVE-2025-15366"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8824.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-04-23T23:44:35+00:00",
"generator": {
"date": "2026-04-23T23:44:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2026:8824",
"initial_release_date": "2026-04-17T19:24:04+00:00",
"revision_history": [
{
"date": "2026-04-17T19:24:04+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-22T13:50:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-23T23:44:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-12-main@aarch64",
"product": {
"name": "python3-12-main@aarch64",
"product_id": "python3-12-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12@3.12.13-3.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-12-main@src",
"product": {
"name": "python3-12-main@src",
"product_id": "python3-12-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12@3.12.13-3.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-12-main@x86_64",
"product": {
"name": "python3-12-main@x86_64",
"product_id": "python3-12-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12@3.12.13-3.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-12-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:python3-12-main@aarch64"
},
"product_reference": "python3-12-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-12-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:python3-12-main@src"
},
"product_reference": "python3-12-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-12-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:python3-12-main@x86_64"
},
"product_reference": "python3-12-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-6075",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-31T17:01:47.052517+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2408891"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in Python\u2019s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Quadratic complexity in os.path.expandvars() with user-controlled template",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low rather than Moderate because it only causes a performance inefficiency without affecting code execution, data integrity, or confidentiality. The flaw lies in the algorithmic complexity of os.path.expandvars(), which can become quadratic when processing crafted input containing repetitive or nested environment variable references. Exploitation requires the attacker to control the input string passed to this function, which is uncommon in secure applications. Moreover, the impact is limited to increased CPU utilization and potential slowdown, not system compromise or data manipulation. Since the issue does not introduce memory corruption, privilege escalation, or information disclosure risks, its overall impact scope and exploitability are minimal, justifying a Low severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6075"
},
{
"category": "external",
"summary": "RHBZ#2408891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6075",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6075"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/136065",
"url": "https://github.com/python/cpython/issues/136065"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/"
}
],
"release_date": "2025-10-31T16:41:34.983000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T19:24:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8824"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "python: Quadratic complexity in os.path.expandvars() with user-controlled template"
},
{
"cve": "CVE-2025-8291",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2025-10-07T19:01:23.599055+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402342"
}
],
"notes": [
{
"category": "description",
"text": "A zip file handling flaw has been discovered in the python standard library `zipfile` module. The \u0027zipfile\u0027 module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the \u0027zipfile\u0027 module compared to other ZIP implementations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8291"
},
{
"category": "external",
"summary": "RHBZ#2402342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8291",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8291"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267",
"url": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6",
"url": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/139700",
"url": "https://github.com/python/cpython/issues/139700"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/139702",
"url": "https://github.com/python/cpython/pull/139702"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/"
}
],
"release_date": "2025-10-07T18:10:05.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T19:24:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8824"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked"
},
{
"cve": "CVE-2025-11468",
"cwe": {
"id": "CWE-140",
"name": "Improper Neutralization of Delimiters"
},
"discovery_date": "2026-01-20T22:02:21.862077+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431375"
}
],
"notes": [
{
"category": "description",
"text": "Missing character filtering has been discovered in Python. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Missing character filtering in Python",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-11468"
},
{
"category": "external",
"summary": "RHBZ#2431375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431375"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-11468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11468"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-11468",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11468"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/143935",
"url": "https://github.com/python/cpython/issues/143935"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/143936",
"url": "https://github.com/python/cpython/pull/143936"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/"
}
],
"release_date": "2026-01-20T21:09:11.229000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T19:24:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8824"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Missing character filtering in Python"
},
{
"cve": "CVE-2025-12084",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-03T19:01:03.489250+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418655"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in `xml.dom.minidom` methods, such as `appendChild()`, when building excessively nested documents due to a dependency on `_clear_id_cache()`",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it can lead to a denial of service. The flaw exists in the `xml.dom.minidom` module of cpython, where a quadratic algorithm in methods like `appendChild()` can be triggered when processing excessively nested XML documents. When successfully exploited this may impact the availability of applications utilizing this functionality across affected Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12084"
},
{
"category": "external",
"summary": "RHBZ#2418655",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418655"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12084",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12084"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/142145",
"url": "https://github.com/python/cpython/issues/142145"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/142146",
"url": "https://github.com/python/cpython/pull/142146"
}
],
"release_date": "2025-12-03T18:55:32.222000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T19:24:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8824"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service"
},
{
"cve": "CVE-2025-13836",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-01T19:01:03.091899+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418078"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the http.client module in the Python standard library. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This issue allows a malicious server to cause the client to read large amounts of data into memory, potentially causing memory allocations errors, swapping, out-of-memory conditions or even system freezes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Excessive read buffering DoS in http.client",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue can only be exploited by Python applications using the http.client.HTTPResponse.read function without the amount parameter, which specifies the read size in bytes. Note that Python libraries may use this function internally and make applications vulnerable. Additionally, vulnerable Python applications must connect to a malicious or compromised server that replies with a very large or crafted Content-Length header to trigger this issue, limiting the exposure of this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13836"
},
{
"category": "external",
"summary": "RHBZ#2418078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418078"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13836",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13836"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/119451",
"url": "https://github.com/python/cpython/issues/119451"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/119454",
"url": "https://github.com/python/cpython/pull/119454"
}
],
"release_date": "2025-12-01T18:02:38.483000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T19:24:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8824"
},
{
"category": "workaround",
"details": "Since this vulnerability is triggered when no read amount is specified and the client defaults to using the potentially malicious Content-Length header, developers can mitigate this issue in their code by always imposing an explicit, safe limit on data reads.\n\nApplications using the http.client.HTTPResponse.read function directly can ensure that read operations specify a byte limit:\n\n~~~\n...\nmax_safe_read = 10 * 1024 * 1024\ndata = response.read(max_safe_read)\n...\n~~~",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Excessive read buffering DoS in http.client"
},
{
"cve": "CVE-2025-13837",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-01T19:01:32.492656+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418084"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the plistlib module in the Python standard library. The amount of data to read from a Plist file is specified in the file itself. This issue allows a specially crafted Plist file to cause an application to allocate a large amount of memory, potentially resulting in allocations errors, swapping, out-of-memory conditions or even system freezes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Out-of-memory when loading Plist",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue can only be exploited by Python applications processing malicious or untrusted Plist files, which are not typically done in Linux systems or applications. Furthermore, this flaw can cause only a denial of service with no other security impact. Due to these reasons, this vulnerability has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13837"
},
{
"category": "external",
"summary": "RHBZ#2418084",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418084"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13837",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13837"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13837",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13837"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/119342",
"url": "https://github.com/python/cpython/issues/119342"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/119343",
"url": "https://github.com/python/cpython/pull/119343"
}
],
"release_date": "2025-12-01T18:13:32.739000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T19:24:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8824"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Out-of-memory when loading Plist"
},
{
"cve": "CVE-2025-15282",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-01-20T22:01:20.971828+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431366"
}
],
"notes": [
{
"category": "description",
"text": "Missing newline filtering has been discovered in Python. User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Header injection via newlines in data URL mediatype in Python",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15282"
},
{
"category": "external",
"summary": "RHBZ#2431366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15282"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/143925",
"url": "https://github.com/python/cpython/issues/143925"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/143926",
"url": "https://github.com/python/cpython/pull/143926"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/"
}
],
"release_date": "2026-01-20T21:35:13.865000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T19:24:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8824"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Header injection via newlines in data URL mediatype in Python"
},
{
"cve": "CVE-2025-15366",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2026-01-20T22:01:33.257688+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431368"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: IMAP command injection in user-controlled commands",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to have the privileges required to send malicious input to an application that sends IMAP commands to a server. Additionally, this flaw can allow attackers to manipulate the state of the mailbox (e.g., delete emails, move folders, flag messages) and to potentially read metadata or specific email content, but it does not allow arbitrary code execution or OS command injection. Due to these reasons, this issue has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15366"
},
{
"category": "external",
"summary": "RHBZ#2431368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431368"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15366"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15366",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15366"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/143921",
"url": "https://github.com/python/cpython/issues/143921"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/143922",
"url": "https://github.com/python/cpython/pull/143922"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/DD7C7JZJYTBXMDOWKCEIEBJLBRU64OMR/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/DD7C7JZJYTBXMDOWKCEIEBJLBRU64OMR/"
}
],
"release_date": "2026-01-20T21:40:24.938000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T19:24:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8824"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, ensure that no data passed to the imaplib module contains newline or carriage return characters.",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: IMAP command injection in user-controlled commands"
},
{
"cve": "CVE-2025-15367",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2026-01-20T22:02:09.399038+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431373"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the poplib module in the Python standard library. The poplib module does not reject control characters, such as newlines, in user-controlled input passed to POP3 commands. This issue allows an attacker to inject additional commands to be executed in the POP3 server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: POP3 command injection in user-controlled commands",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to have the privileges required to send malicious input to an application that sends POP3 commands to a server. Additionally, this flaw can allow attackers to manipulate the state of the mailbox (e.g., delete emails) and to potentially read metadata or specific email content, but it does not allow arbitrary code execution or OS command injection. Due to these reasons, this issue has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15367"
},
{
"category": "external",
"summary": "RHBZ#2431373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431373"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15367"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15367",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15367"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/143923",
"url": "https://github.com/python/cpython/issues/143923"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/143924",
"url": "https://github.com/python/cpython/pull/143924"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/CBFBOWVGGUJFSGITQCCBZS4GEYYZ7ZNE/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/CBFBOWVGGUJFSGITQCCBZS4GEYYZ7ZNE/"
}
],
"release_date": "2026-01-20T21:47:09.885000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T19:24:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8824"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, ensure that no data passed to the poplib module contains newline or carriage return characters.",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: POP3 command injection in user-controlled commands"
},
{
"cve": "CVE-2026-0865",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"discovery_date": "2026-01-20T22:01:26.694713+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431367"
}
],
"notes": [
{
"category": "description",
"text": "Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: wsgiref.headers.Headers allows header newline injection in Python",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0865"
},
{
"category": "external",
"summary": "RHBZ#2431367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0865"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0865",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0865"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/143916",
"url": "https://github.com/python/cpython/issues/143916"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/143917",
"url": "https://github.com/python/cpython/pull/143917"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/"
}
],
"release_date": "2026-01-20T21:26:15.274000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T19:24:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8824"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: wsgiref.headers.Headers allows header newline injection in Python"
},
{
"cve": "CVE-2026-1299",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-01-23T17:02:57.343486+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2432437"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules, allowing an attacker to inject email headers and potentially modify message recipients or the email body, and spoof sender information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: email header injection due to unquoted newlines",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue can only be exploitable by Python applications using the LiteralHeader class to write email headers, as it does not respect email folding rules. Additionally, this issue allows attackers to modify message recipients or the email body and spoof sender identity but it does not cause memory corruption or arbitrary code execution. Due to these reasons, this vulnerability has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1299"
},
{
"category": "external",
"summary": "RHBZ#2432437",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2432437"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1299",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1299"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1299",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1299"
},
{
"category": "external",
"summary": "https://cve.org/CVERecord?id=CVE-2024-6923",
"url": "https://cve.org/CVERecord?id=CVE-2024-6923"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413",
"url": "https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/144125",
"url": "https://github.com/python/cpython/issues/144125"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/144126",
"url": "https://github.com/python/cpython/pull/144126"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/"
}
],
"release_date": "2026-01-23T16:27:13.346000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T19:24:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8824"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications accepting user-supplied data for email headers should sanitize the input by stripping or rejecting any strings containing carriage return or line feed characters, \u0027\\r\u0027 or \u0027\\n\u0027, respectively, preventing malicious sequences that could lead to header manipulation.",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: email header injection due to unquoted newlines"
},
{
"cve": "CVE-2026-1502",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-04-10T19:01:07.715197+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457409"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters (carriage return and line feed) from being included in HTTP client proxy tunnel headers or host fields.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Python: HTTP header injection via CR/LF in proxy tunnel headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1502"
},
{
"category": "external",
"summary": "RHBZ#2457409",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457409"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1502",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1502"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1502",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1502"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69",
"url": "https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/146211",
"url": "https://github.com/python/cpython/issues/146211"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/146212",
"url": "https://github.com/python/cpython/pull/146212"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/"
}
],
"release_date": "2026-04-10T17:54:44.121000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T19:24:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8824"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: Python: HTTP header injection via CR/LF in proxy tunnel headers"
},
{
"cve": "CVE-2026-2297",
"cwe": {
"id": "CWE-778",
"name": "Insufficient Logging"
},
"discovery_date": "2026-03-04T23:01:09.396553+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2444691"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files (.pyc), does not properly trigger system audit events. This oversight could enable malicious activities to go undetected, compromising the integrity of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: CPython: Logging Bypass in Legacy .pyc File Handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2297"
},
{
"category": "external",
"summary": "RHBZ#2444691",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444691"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2297",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2297"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e",
"url": "https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e",
"url": "https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86",
"url": "https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/145506",
"url": "https://github.com/python/cpython/issues/145506"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/145507",
"url": "https://github.com/python/cpython/pull/145507"
}
],
"release_date": "2026-03-04T22:10:43.297000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T19:24:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8824"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "cpython: CPython: Logging Bypass in Legacy .pyc File Handling"
},
{
"cve": "CVE-2026-3644",
"cwe": {
"id": "CWE-791",
"name": "Incomplete Filtering of Special Elements"
},
"discovery_date": "2026-03-16T18:02:25.997880+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448168"
}
],
"notes": [
{
"category": "description",
"text": "A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update(), |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Incomplete control character validation in http.cookies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3644"
},
{
"category": "external",
"summary": "RHBZ#2448168",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448168"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3644",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3644"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3644",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3644"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4",
"url": "https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/145599",
"url": "https://github.com/python/cpython/issues/145599"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/145600",
"url": "https://github.com/python/cpython/pull/145600"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/"
}
],
"release_date": "2026-03-16T17:37:31.344000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T19:24:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8824"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Incomplete control character validation in http.cookies"
},
{
"cve": "CVE-2026-4224",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"discovery_date": "2026-03-16T19:01:54.161187+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448181"
}
],
"notes": [
{
"category": "description",
"text": "A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Stack overflow parsing XML with deeply nested DTD content models",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4224"
},
{
"category": "external",
"summary": "RHBZ#2448181",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448181"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4224",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4224"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4224",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4224"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a",
"url": "https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3",
"url": "https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768",
"url": "https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/145986",
"url": "https://github.com/python/cpython/issues/145986"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/145987",
"url": "https://github.com/python/cpython/pull/145987"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/"
}
],
"release_date": "2026-03-16T17:52:26.639000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T19:24:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8824"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Stack overflow parsing XML with deeply nested DTD content models"
},
{
"cve": "CVE-2026-4786",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-04-13T22:01:38.006388+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458049"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing \"%action\" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in the Python `webbrowser.open()` API allows for command injection and arbitrary code execution when processing specially crafted URLs containing \"%action\". This bypasses a previous mitigation for CVE-2026-4519.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4786"
},
{
"category": "external",
"summary": "RHBZ#2458049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4786"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4786",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4786"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/148169",
"url": "https://github.com/python/cpython/issues/148169"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/148170",
"url": "https://github.com/python/cpython/pull/148170"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/"
}
],
"release_date": "2026-04-13T21:52:19.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T19:24:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8824"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API"
},
{
"cve": "CVE-2026-5713",
"cwe": {
"id": "CWE-822",
"name": "Untrusted Pointer Dereference"
},
"discovery_date": "2026-04-14T16:01:58.710183+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458239"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Python. A malicious Python process could exploit the \"profiling.sampling\" module and \"asyncio introspection capabilities\" to read and write memory addresses within a privileged process. This vulnerability occurs when the privileged process connects to the malicious process via its remote debugging feature, potentially leading to information disclosure and arbitrary code execution. Successful exploitation requires repeated connections, which may cause instability in the connecting process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-5713"
},
{
"category": "external",
"summary": "RHBZ#2458239",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458239"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-5713",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5713"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5713",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5713"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/148178",
"url": "https://github.com/python/cpython/issues/148178"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/148187",
"url": "https://github.com/python/cpython/pull/148187"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/OG4RHARYSNIE22GGOMVMCRH76L5HKPLM/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/OG4RHARYSNIE22GGOMVMCRH76L5HKPLM/"
}
],
"release_date": "2026-04-14T15:11:51.122000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T19:24:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8824"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process."
},
{
"cve": "CVE-2026-6100",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-04-13T18:01:31.970255+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457932"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Python\u0027s decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this flaw is somewhat mitigated on Red Hat platforms. By default processes are not executed with root user privilege and are limited in their scope which in turn limits the impact of this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6100"
},
{
"category": "external",
"summary": "RHBZ#2457932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6100",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6100"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6100",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6100"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d",
"url": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2",
"url": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20",
"url": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/148395",
"url": "https://github.com/python/cpython/issues/148395"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/148396",
"url": "https://github.com/python/cpython/pull/148396"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/"
}
],
"release_date": "2026-04-13T17:15:47.606000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T19:24:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8824"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-12-main@aarch64",
"Red Hat Hardened Images:python3-12-main@src",
"Red Hat Hardened Images:python3-12-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules"
}
]
}
RHSA-2026:9228
Vulnerability from csaf_redhat - Published: 2026-04-21 07:26 - Updated: 2026-04-23 23:44Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:
python3.14:
* python-unversioned-command-3.14.4-2.hum1 (noarch)
* python3-3.14.4-2.hum1 (aarch64, x86_64)
* python3-debug-3.14.4-2.hum1 (aarch64, x86_64)
* python3-devel-3.14.4-2.hum1 (aarch64, x86_64)
* python3-idle-3.14.4-2.hum1 (aarch64, x86_64)
* python3-libs-3.14.4-2.hum1 (aarch64, x86_64)
* python3-test-3.14.4-2.hum1 (aarch64, x86_64)
* python3-tkinter-3.14.4-2.hum1 (aarch64, x86_64)
* python3.14-freethreading-3.14.4-2.hum1 (aarch64, x86_64)
* python3.14-freethreading-debug-3.14.4-2.hum1 (aarch64, x86_64)
* python3.14-freethreading-devel-3.14.4-2.hum1 (aarch64, x86_64)
* python3.14-freethreading-idle-3.14.4-2.hum1 (aarch64, x86_64)
* python3.14-freethreading-libs-3.14.4-2.hum1 (aarch64, x86_64)
* python3.14-freethreading-test-3.14.4-2.hum1 (aarch64, x86_64)
* python3.14-freethreading-tkinter-3.14.4-2.hum1 (aarch64, x86_64)
* python3.14-3.14.4-2.hum1.src (src)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server.
7.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:9228
Workaround
To mitigate this vulnerability, ensure that no data passed to the imaplib module contains newline or carriage return characters.
A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters (carriage return and line feed) from being included in HTTP client proxy tunnel headers or host fields.
4.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:9228
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution.
7.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:9228
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in Python. A malicious Python process could exploit the "profiling.sampling" module and "asyncio introspection capabilities" to read and write memory addresses within a privileged process. This vulnerability occurs when the privileged process connects to the malicious process via its remote debugging feature, potentially leading to information disclosure and arbitrary code execution. Successful exploitation requires repeated connections, which may cause instability in the connecting process.
6.0 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:9228
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in Python's decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.
8.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:9228
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\npython3.14:\n * python-unversioned-command-3.14.4-2.hum1 (noarch)\n * python3-3.14.4-2.hum1 (aarch64, x86_64)\n * python3-debug-3.14.4-2.hum1 (aarch64, x86_64)\n * python3-devel-3.14.4-2.hum1 (aarch64, x86_64)\n * python3-idle-3.14.4-2.hum1 (aarch64, x86_64)\n * python3-libs-3.14.4-2.hum1 (aarch64, x86_64)\n * python3-test-3.14.4-2.hum1 (aarch64, x86_64)\n * python3-tkinter-3.14.4-2.hum1 (aarch64, x86_64)\n * python3.14-freethreading-3.14.4-2.hum1 (aarch64, x86_64)\n * python3.14-freethreading-debug-3.14.4-2.hum1 (aarch64, x86_64)\n * python3.14-freethreading-devel-3.14.4-2.hum1 (aarch64, x86_64)\n * python3.14-freethreading-idle-3.14.4-2.hum1 (aarch64, x86_64)\n * python3.14-freethreading-libs-3.14.4-2.hum1 (aarch64, x86_64)\n * python3.14-freethreading-test-3.14.4-2.hum1 (aarch64, x86_64)\n * python3.14-freethreading-tkinter-3.14.4-2.hum1 (aarch64, x86_64)\n * python3.14-3.14.4-2.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:9228",
"url": "https://access.redhat.com/errata/RHSA-2026:9228"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4786",
"url": "https://access.redhat.com/security/cve/CVE-2026-4786"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-5713",
"url": "https://access.redhat.com/security/cve/CVE-2026-5713"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6100",
"url": "https://access.redhat.com/security/cve/CVE-2026-6100"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1502",
"url": "https://access.redhat.com/security/cve/CVE-2026-1502"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15366",
"url": "https://access.redhat.com/security/cve/CVE-2025-15366"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9228.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-04-23T23:44:33+00:00",
"generator": {
"date": "2026-04-23T23:44:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2026:9228",
"initial_release_date": "2026-04-21T07:26:49+00:00",
"revision_history": [
{
"date": "2026-04-21T07:26:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-22T13:50:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-23T23:44:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-14-main@noarch",
"product": {
"name": "python3-14-main@noarch",
"product_id": "python3-14-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-unversioned-command@3.14.4-2.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-14-main@aarch64",
"product": {
"name": "python3-14-main@aarch64",
"product_id": "python3-14-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3@3.14.4-2.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-14-main@x86_64",
"product": {
"name": "python3-14-main@x86_64",
"product_id": "python3-14-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3@3.14.4-2.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-14-main@src",
"product": {
"name": "python3-14-main@src",
"product_id": "python3-14-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.14@3.14.4-2.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-14-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:python3-14-main@aarch64"
},
"product_reference": "python3-14-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-14-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:python3-14-main@noarch"
},
"product_reference": "python3-14-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-14-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:python3-14-main@src"
},
"product_reference": "python3-14-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-14-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:python3-14-main@x86_64"
},
"product_reference": "python3-14-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-15366",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2026-01-20T22:01:33.257688+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Hardened Images:python3-14-main@noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431368"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: IMAP command injection in user-controlled commands",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to have the privileges required to send malicious input to an application that sends IMAP commands to a server. Additionally, this flaw can allow attackers to manipulate the state of the mailbox (e.g., delete emails, move folders, flag messages) and to potentially read metadata or specific email content, but it does not allow arbitrary code execution or OS command injection. Due to these reasons, this issue has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-14-main@aarch64",
"Red Hat Hardened Images:python3-14-main@src",
"Red Hat Hardened Images:python3-14-main@x86_64"
],
"known_not_affected": [
"Red Hat Hardened Images:python3-14-main@noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15366"
},
{
"category": "external",
"summary": "RHBZ#2431368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431368"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15366"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15366",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15366"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/143921",
"url": "https://github.com/python/cpython/issues/143921"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/143922",
"url": "https://github.com/python/cpython/pull/143922"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/DD7C7JZJYTBXMDOWKCEIEBJLBRU64OMR/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/DD7C7JZJYTBXMDOWKCEIEBJLBRU64OMR/"
}
],
"release_date": "2026-01-20T21:40:24.938000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T07:26:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-14-main@aarch64",
"Red Hat Hardened Images:python3-14-main@src",
"Red Hat Hardened Images:python3-14-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9228"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, ensure that no data passed to the imaplib module contains newline or carriage return characters.",
"product_ids": [
"Red Hat Hardened Images:python3-14-main@aarch64",
"Red Hat Hardened Images:python3-14-main@noarch",
"Red Hat Hardened Images:python3-14-main@src",
"Red Hat Hardened Images:python3-14-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-14-main@aarch64",
"Red Hat Hardened Images:python3-14-main@noarch",
"Red Hat Hardened Images:python3-14-main@src",
"Red Hat Hardened Images:python3-14-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: IMAP command injection in user-controlled commands"
},
{
"cve": "CVE-2026-1502",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-04-10T19:01:07.715197+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Hardened Images:python3-14-main@noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457409"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters (carriage return and line feed) from being included in HTTP client proxy tunnel headers or host fields.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Python: HTTP header injection via CR/LF in proxy tunnel headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-14-main@aarch64",
"Red Hat Hardened Images:python3-14-main@src",
"Red Hat Hardened Images:python3-14-main@x86_64"
],
"known_not_affected": [
"Red Hat Hardened Images:python3-14-main@noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1502"
},
{
"category": "external",
"summary": "RHBZ#2457409",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457409"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1502",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1502"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1502",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1502"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69",
"url": "https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/146211",
"url": "https://github.com/python/cpython/issues/146211"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/146212",
"url": "https://github.com/python/cpython/pull/146212"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/"
}
],
"release_date": "2026-04-10T17:54:44.121000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T07:26:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-14-main@aarch64",
"Red Hat Hardened Images:python3-14-main@src",
"Red Hat Hardened Images:python3-14-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9228"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-14-main@aarch64",
"Red Hat Hardened Images:python3-14-main@noarch",
"Red Hat Hardened Images:python3-14-main@src",
"Red Hat Hardened Images:python3-14-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-14-main@aarch64",
"Red Hat Hardened Images:python3-14-main@noarch",
"Red Hat Hardened Images:python3-14-main@src",
"Red Hat Hardened Images:python3-14-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: Python: HTTP header injection via CR/LF in proxy tunnel headers"
},
{
"cve": "CVE-2026-4786",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-04-13T22:01:38.006388+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Hardened Images:python3-14-main@noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458049"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing \"%action\" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in the Python `webbrowser.open()` API allows for command injection and arbitrary code execution when processing specially crafted URLs containing \"%action\". This bypasses a previous mitigation for CVE-2026-4519.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-14-main@aarch64",
"Red Hat Hardened Images:python3-14-main@src",
"Red Hat Hardened Images:python3-14-main@x86_64"
],
"known_not_affected": [
"Red Hat Hardened Images:python3-14-main@noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4786"
},
{
"category": "external",
"summary": "RHBZ#2458049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4786"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4786",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4786"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/148169",
"url": "https://github.com/python/cpython/issues/148169"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/148170",
"url": "https://github.com/python/cpython/pull/148170"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/"
}
],
"release_date": "2026-04-13T21:52:19.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T07:26:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-14-main@aarch64",
"Red Hat Hardened Images:python3-14-main@src",
"Red Hat Hardened Images:python3-14-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9228"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-14-main@aarch64",
"Red Hat Hardened Images:python3-14-main@noarch",
"Red Hat Hardened Images:python3-14-main@src",
"Red Hat Hardened Images:python3-14-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-14-main@aarch64",
"Red Hat Hardened Images:python3-14-main@noarch",
"Red Hat Hardened Images:python3-14-main@src",
"Red Hat Hardened Images:python3-14-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API"
},
{
"cve": "CVE-2026-5713",
"cwe": {
"id": "CWE-822",
"name": "Untrusted Pointer Dereference"
},
"discovery_date": "2026-04-14T16:01:58.710183+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Hardened Images:python3-14-main@noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458239"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Python. A malicious Python process could exploit the \"profiling.sampling\" module and \"asyncio introspection capabilities\" to read and write memory addresses within a privileged process. This vulnerability occurs when the privileged process connects to the malicious process via its remote debugging feature, potentially leading to information disclosure and arbitrary code execution. Successful exploitation requires repeated connections, which may cause instability in the connecting process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-14-main@aarch64",
"Red Hat Hardened Images:python3-14-main@src",
"Red Hat Hardened Images:python3-14-main@x86_64"
],
"known_not_affected": [
"Red Hat Hardened Images:python3-14-main@noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-5713"
},
{
"category": "external",
"summary": "RHBZ#2458239",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458239"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-5713",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5713"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5713",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5713"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/148178",
"url": "https://github.com/python/cpython/issues/148178"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/148187",
"url": "https://github.com/python/cpython/pull/148187"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/OG4RHARYSNIE22GGOMVMCRH76L5HKPLM/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/OG4RHARYSNIE22GGOMVMCRH76L5HKPLM/"
}
],
"release_date": "2026-04-14T15:11:51.122000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T07:26:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-14-main@aarch64",
"Red Hat Hardened Images:python3-14-main@src",
"Red Hat Hardened Images:python3-14-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9228"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-14-main@aarch64",
"Red Hat Hardened Images:python3-14-main@noarch",
"Red Hat Hardened Images:python3-14-main@src",
"Red Hat Hardened Images:python3-14-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-14-main@aarch64",
"Red Hat Hardened Images:python3-14-main@noarch",
"Red Hat Hardened Images:python3-14-main@src",
"Red Hat Hardened Images:python3-14-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process."
},
{
"cve": "CVE-2026-6100",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-04-13T18:01:31.970255+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Hardened Images:python3-14-main@noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457932"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Python\u0027s decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this flaw is somewhat mitigated on Red Hat platforms. By default processes are not executed with root user privilege and are limited in their scope which in turn limits the impact of this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-14-main@aarch64",
"Red Hat Hardened Images:python3-14-main@src",
"Red Hat Hardened Images:python3-14-main@x86_64"
],
"known_not_affected": [
"Red Hat Hardened Images:python3-14-main@noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6100"
},
{
"category": "external",
"summary": "RHBZ#2457932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6100",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6100"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6100",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6100"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d",
"url": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2",
"url": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20",
"url": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/148395",
"url": "https://github.com/python/cpython/issues/148395"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/148396",
"url": "https://github.com/python/cpython/pull/148396"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/"
}
],
"release_date": "2026-04-13T17:15:47.606000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T07:26:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-14-main@aarch64",
"Red Hat Hardened Images:python3-14-main@src",
"Red Hat Hardened Images:python3-14-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9228"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-14-main@aarch64",
"Red Hat Hardened Images:python3-14-main@noarch",
"Red Hat Hardened Images:python3-14-main@src",
"Red Hat Hardened Images:python3-14-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-14-main@aarch64",
"Red Hat Hardened Images:python3-14-main@noarch",
"Red Hat Hardened Images:python3-14-main@src",
"Red Hat Hardened Images:python3-14-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules"
}
]
}
RHSA-2026:10140
Vulnerability from csaf_redhat - Published: 2026-04-23 13:34 - Updated: 2026-04-23 20:25Summary
Red Hat Security Advisory: Red Hat Enterprise Linux AI 3.3.1
Severity
Important
Notes
Topic: Red Hat Enterprise Linux AI 3.3.1 is now available.
Details: Red Hat® Enterprise Linux® AI is a foundation model platform to seamlessly develop, test,
and run Granite family large language models (LLMs) for enterprise applications.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Python. The `webbrowser.open()` API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options, which could lead to unexpected behavior, information disclosure, or potentially arbitrary code execution, impacting the integrity of the system.
7.1 (High)
Vendor Fix
Before applying this update, ensure all previously released errata relevant to your system have been applied.
https://access.redhat.com/errata/RHSA-2026:10140
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution.
7.1 (High)
Vendor Fix
Before applying this update, ensure all previously released errata relevant to your system have been applied.
https://access.redhat.com/errata/RHSA-2026:10140
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in Python's decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.
8.1 (High)
Vendor Fix
Before applying this update, ensure all previously released errata relevant to your system have been applied.
https://access.redhat.com/errata/RHSA-2026:10140
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Vendor Fix
Before applying this update, ensure all previously released errata relevant to your system have been applied.
https://access.redhat.com/errata/RHSA-2026:10140
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). Two model implementation files hardcode `trust_remote_code=True` when loading sub-components. This bypasses the user's explicit `--trust-remote-code=False` security opt-out, allowing a remote attacker to achieve remote code execution through malicious model repositories.
8.8 (High)
Vendor Fix
Before applying this update, ensure all previously released errata relevant to your system have been applied.
https://access.redhat.com/errata/RHSA-2026:10140
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.
7.5 (High)
Vendor Fix
Before applying this update, ensure all previously released errata relevant to your system have been applied.
https://access.redhat.com/errata/RHSA-2026:10140
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Enterprise Linux AI 3.3.1 is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae Enterprise Linux\u00ae AI is a foundation model platform to seamlessly develop, test,\nand run Granite family large language models (LLMs) for enterprise applications.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:10140",
"url": "https://access.redhat.com/errata/RHSA-2026:10140"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27893",
"url": "https://access.redhat.com/security/cve/CVE-2026-27893"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32597",
"url": "https://access.redhat.com/security/cve/CVE-2026-32597"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4519",
"url": "https://access.redhat.com/security/cve/CVE-2026-4519"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4786",
"url": "https://access.redhat.com/security/cve/CVE-2026-4786"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6100",
"url": "https://access.redhat.com/security/cve/CVE-2026-6100"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai",
"url": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_10140.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Enterprise Linux AI 3.3.1",
"tracking": {
"current_release_date": "2026-04-23T20:25:04+00:00",
"generator": {
"date": "2026-04-23T20:25:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2026:10140",
"initial_release_date": "2026-04-23T13:34:50+00:00",
"revision_history": [
{
"date": "2026-04-23T13:34:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-23T13:35:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-23T20:25:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AI 3.3",
"product": {
"name": "Red Hat Enterprise Linux AI 3.3",
"product_id": "Red Hat Enterprise Linux AI 3.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux_ai:3.3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"product": {
"name": "registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"product_id": "registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-cuda-rhel9@sha256%3A080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821?arch=amd64\u0026repository_url=registry.redhat.io/rhelai3\u0026tag=1776773390"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"product": {
"name": "registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"product_id": "registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-aws-cuda-rhel9@sha256%3Ac4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f?arch=amd64\u0026repository_url=registry.redhat.io/rhelai3\u0026tag=1776871984"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"product": {
"name": "registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"product_id": "registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-azure-cuda-rhel9@sha256%3Abffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430?arch=amd64\u0026repository_url=registry.redhat.io/rhelai3\u0026tag=1776871985"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"product": {
"name": "registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"product_id": "registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-gcp-cuda-rhel9@sha256%3Ab0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264?arch=amd64\u0026repository_url=registry.redhat.io/rhelai3\u0026tag=1776871987"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64",
"product": {
"name": "registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64",
"product_id": "registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-rocm-rhel9@sha256%3A59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c?arch=amd64\u0026repository_url=registry.redhat.io/rhelai3\u0026tag=1776773505"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"product": {
"name": "registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"product_id": "registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-azure-rocm-rhel9@sha256%3Ae288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6?arch=amd64\u0026repository_url=registry.redhat.io/rhelai3\u0026tag=1776872005"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"product": {
"name": "registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"product_id": "registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-cuda-rhel9@sha256%3Aa6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63?arch=arm64\u0026repository_url=registry.redhat.io/rhelai3\u0026tag=1776773390"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64 as a component of Red Hat Enterprise Linux AI 3.3",
"product_id": "Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64"
},
"product_reference": "registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64 as a component of Red Hat Enterprise Linux AI 3.3",
"product_id": "Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64"
},
"product_reference": "registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64 as a component of Red Hat Enterprise Linux AI 3.3",
"product_id": "Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64"
},
"product_reference": "registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64 as a component of Red Hat Enterprise Linux AI 3.3",
"product_id": "Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64"
},
"product_reference": "registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64 as a component of Red Hat Enterprise Linux AI 3.3",
"product_id": "Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64"
},
"product_reference": "registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64 as a component of Red Hat Enterprise Linux AI 3.3",
"product_id": "Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64"
},
"product_reference": "registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64 as a component of Red Hat Enterprise Linux AI 3.3",
"product_id": "Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64"
},
"product_reference": "registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 3.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-4519",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-03-20T16:02:13.494105+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449649"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Python. The `webbrowser.open()` API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options, which could lead to unexpected behavior, information disclosure, or potentially arbitrary code execution, impacting the integrity of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Python: Command-line option injection in webbrowser.open() via crafted URLs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4519"
},
{
"category": "external",
"summary": "RHBZ#2449649",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449649"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4519"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4519",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4519"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/143930",
"url": "https://github.com/python/cpython/issues/143930"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/143931",
"url": "https://github.com/python/cpython/pull/143931"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/"
}
],
"release_date": "2026-03-20T15:08:32.576000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T13:34:50+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10140"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: Python: Command-line option injection in webbrowser.open() via crafted URLs"
},
{
"cve": "CVE-2026-4786",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-04-13T22:01:38.006388+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458049"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing \"%action\" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in the Python `webbrowser.open()` API allows for command injection and arbitrary code execution when processing specially crafted URLs containing \"%action\". This bypasses a previous mitigation for CVE-2026-4519.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4786"
},
{
"category": "external",
"summary": "RHBZ#2458049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4786"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4786",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4786"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/148169",
"url": "https://github.com/python/cpython/issues/148169"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/148170",
"url": "https://github.com/python/cpython/pull/148170"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/"
}
],
"release_date": "2026-04-13T21:52:19.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T13:34:50+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10140"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API"
},
{
"cve": "CVE-2026-6100",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-04-13T18:01:31.970255+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457932"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Python\u0027s decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this flaw is somewhat mitigated on Red Hat platforms. By default processes are not executed with root user privilege and are limited in their scope which in turn limits the impact of this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6100"
},
{
"category": "external",
"summary": "RHBZ#2457932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6100",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6100"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6100",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6100"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d",
"url": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2",
"url": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20",
"url": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/148395",
"url": "https://github.com/python/cpython/issues/148395"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/148396",
"url": "https://github.com/python/cpython/pull/148396"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/"
}
],
"release_date": "2026-04-13T17:15:47.606000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T13:34:50+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10140"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T13:34:50+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10140"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27893",
"cwe": {
"id": "CWE-501",
"name": "Trust Boundary Violation"
},
"discovery_date": "2026-03-27T00:01:43.935417+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452055"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). Two model implementation files hardcode `trust_remote_code=True` when loading sub-components. This bypasses the user\u0027s explicit `--trust-remote-code=False` security opt-out, allowing a remote attacker to achieve remote code execution through malicious model repositories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Remote code execution due to hardcoded trust_remote_code setting",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability in vLLM, as shipped in Red Hat AI Inference Server and Red Hat OpenShift AI. The flaw allows remote code execution due to vLLM hardcoding `trust_remote_code=True` when loading sub-components, which bypasses the user\u0027s explicit `--trust-remote-code=False` security opt-out. This can lead to exploitation through malicious model repositories.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27893"
},
{
"category": "external",
"summary": "RHBZ#2452055",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452055"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27893",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27893"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27893",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27893"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/00bd08edeee5dd4d4c13277c0114a464011acf72",
"url": "https://github.com/vllm-project/vllm/commit/00bd08edeee5dd4d4c13277c0114a464011acf72"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/36192",
"url": "https://github.com/vllm-project/vllm/pull/36192"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-7972-pg2x-xr59",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-7972-pg2x-xr59"
}
],
"release_date": "2026-03-26T23:56:53.579000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T13:34:50+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10140"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: vLLM: Remote code execution due to hardcoded trust_remote_code setting"
},
{
"cve": "CVE-2026-32597",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-12T22:01:29.967713+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447194"
}
],
"notes": [
{
"category": "description",
"text": "A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 \u00a74.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 \u00a74.1.11 MUST violation)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32597"
},
{
"category": "external",
"summary": "RHBZ#2447194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32597",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32597"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597"
},
{
"category": "external",
"summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f",
"url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f"
}
],
"release_date": "2026-03-12T21:41:50.427000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T13:34:50+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10140"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:c4e99fdf145fa920e4d91f291010fe0826306112c55f8470c67b060b6235e58f_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:bffbcba6080e3e3034581301575ce3211a8351ff560029426c6723ea06229430_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:e288f64fd5bfeb9f94ae40c346cf6a77ae09cb639440494d36db9be9962035d6_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:080632b93a8171a88c7a17ddb8dc5f1cc7801da604aae599eac28861b5b38821_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:a6e60bde307c0d6fb5fa8c115d13169287ec851ef2f3c440da3df7a9089a8f63_arm64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:b0f5035af6217c92086ae77c07f36742f31b2b36f5a24a70f801cd9ff181a264_amd64",
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:59b3ca83b219cadb030d5b4805e505ad6bfa19e1a0f2130f646b2ba7e0b8394c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 \u00a74.1.11 MUST violation)"
}
]
}
RHSA-2026:10141
Vulnerability from csaf_redhat - Published: 2026-04-23 13:36 - Updated: 2026-04-23 20:25Summary
Red Hat Security Advisory: Red Hat Enterprise Linux AI 3.3.1
Severity
Important
Notes
Topic: Red Hat Enterprise Linux AI 3.3.1 is now available.
Details: Red Hat® Enterprise Linux® AI is a foundation model platform to seamlessly develop, test,
and run Granite family large language models (LLMs) for enterprise applications.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Python. The `webbrowser.open()` API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options, which could lead to unexpected behavior, information disclosure, or potentially arbitrary code execution, impacting the integrity of the system.
7.1 (High)
Vendor Fix
Before applying this update, ensure all previously released errata relevant to your system have been applied.
https://access.redhat.com/errata/RHSA-2026:10141
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution.
7.1 (High)
Vendor Fix
Before applying this update, ensure all previously released errata relevant to your system have been applied.
https://access.redhat.com/errata/RHSA-2026:10141
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in Python's decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.
8.1 (High)
Vendor Fix
Before applying this update, ensure all previously released errata relevant to your system have been applied.
https://access.redhat.com/errata/RHSA-2026:10141
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Vendor Fix
Before applying this update, ensure all previously released errata relevant to your system have been applied.
https://access.redhat.com/errata/RHSA-2026:10141
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). Two model implementation files hardcode `trust_remote_code=True` when loading sub-components. This bypasses the user's explicit `--trust-remote-code=False` security opt-out, allowing a remote attacker to achieve remote code execution through malicious model repositories.
8.8 (High)
Vendor Fix
Before applying this update, ensure all previously released errata relevant to your system have been applied.
https://access.redhat.com/errata/RHSA-2026:10141
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.
7.5 (High)
Vendor Fix
Before applying this update, ensure all previously released errata relevant to your system have been applied.
https://access.redhat.com/errata/RHSA-2026:10141
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Enterprise Linux AI 3.3.1 is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae Enterprise Linux\u00ae AI is a foundation model platform to seamlessly develop, test,\nand run Granite family large language models (LLMs) for enterprise applications.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:10141",
"url": "https://access.redhat.com/errata/RHSA-2026:10141"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27893",
"url": "https://access.redhat.com/security/cve/CVE-2026-27893"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32597",
"url": "https://access.redhat.com/security/cve/CVE-2026-32597"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4519",
"url": "https://access.redhat.com/security/cve/CVE-2026-4519"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4786",
"url": "https://access.redhat.com/security/cve/CVE-2026-4786"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6100",
"url": "https://access.redhat.com/security/cve/CVE-2026-6100"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai",
"url": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_10141.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Enterprise Linux AI 3.3.1",
"tracking": {
"current_release_date": "2026-04-23T20:25:05+00:00",
"generator": {
"date": "2026-04-23T20:25:05+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2026:10141",
"initial_release_date": "2026-04-23T13:36:23+00:00",
"revision_history": [
{
"date": "2026-04-23T13:36:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-23T13:36:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-23T20:25:05+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AI 3.3",
"product": {
"name": "Red Hat Enterprise Linux AI 3.3",
"product_id": "Red Hat Enterprise Linux AI 3.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux_ai:3.3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64",
"product": {
"name": "registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64",
"product_id": "registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64",
"product_identification_helper": {
"purl": "pkg:oci/disk-image-cuda-rhel9@sha256%3Ac60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059?arch=amd64\u0026repository_url=registry.redhat.io/rhelai3\u0026tag=1776938871"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64 as a component of Red Hat Enterprise Linux AI 3.3",
"product_id": "Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64"
},
"product_reference": "registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 3.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-4519",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-03-20T16:02:13.494105+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449649"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Python. The `webbrowser.open()` API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options, which could lead to unexpected behavior, information disclosure, or potentially arbitrary code execution, impacting the integrity of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Python: Command-line option injection in webbrowser.open() via crafted URLs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4519"
},
{
"category": "external",
"summary": "RHBZ#2449649",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449649"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4519"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4519",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4519"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/143930",
"url": "https://github.com/python/cpython/issues/143930"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/143931",
"url": "https://github.com/python/cpython/pull/143931"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/"
}
],
"release_date": "2026-03-20T15:08:32.576000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T13:36:23+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10141"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: Python: Command-line option injection in webbrowser.open() via crafted URLs"
},
{
"cve": "CVE-2026-4786",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-04-13T22:01:38.006388+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458049"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing \"%action\" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in the Python `webbrowser.open()` API allows for command injection and arbitrary code execution when processing specially crafted URLs containing \"%action\". This bypasses a previous mitigation for CVE-2026-4519.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4786"
},
{
"category": "external",
"summary": "RHBZ#2458049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4786"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4786",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4786"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/148169",
"url": "https://github.com/python/cpython/issues/148169"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/148170",
"url": "https://github.com/python/cpython/pull/148170"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/"
}
],
"release_date": "2026-04-13T21:52:19.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T13:36:23+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10141"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API"
},
{
"cve": "CVE-2026-6100",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-04-13T18:01:31.970255+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457932"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Python\u0027s decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this flaw is somewhat mitigated on Red Hat platforms. By default processes are not executed with root user privilege and are limited in their scope which in turn limits the impact of this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6100"
},
{
"category": "external",
"summary": "RHBZ#2457932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6100",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6100"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6100",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6100"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d",
"url": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2",
"url": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20",
"url": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/148395",
"url": "https://github.com/python/cpython/issues/148395"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/148396",
"url": "https://github.com/python/cpython/pull/148396"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/"
}
],
"release_date": "2026-04-13T17:15:47.606000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T13:36:23+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10141"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T13:36:23+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10141"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27893",
"cwe": {
"id": "CWE-501",
"name": "Trust Boundary Violation"
},
"discovery_date": "2026-03-27T00:01:43.935417+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452055"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). Two model implementation files hardcode `trust_remote_code=True` when loading sub-components. This bypasses the user\u0027s explicit `--trust-remote-code=False` security opt-out, allowing a remote attacker to achieve remote code execution through malicious model repositories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Remote code execution due to hardcoded trust_remote_code setting",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability in vLLM, as shipped in Red Hat AI Inference Server and Red Hat OpenShift AI. The flaw allows remote code execution due to vLLM hardcoding `trust_remote_code=True` when loading sub-components, which bypasses the user\u0027s explicit `--trust-remote-code=False` security opt-out. This can lead to exploitation through malicious model repositories.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27893"
},
{
"category": "external",
"summary": "RHBZ#2452055",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452055"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27893",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27893"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27893",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27893"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/00bd08edeee5dd4d4c13277c0114a464011acf72",
"url": "https://github.com/vllm-project/vllm/commit/00bd08edeee5dd4d4c13277c0114a464011acf72"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/36192",
"url": "https://github.com/vllm-project/vllm/pull/36192"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-7972-pg2x-xr59",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-7972-pg2x-xr59"
}
],
"release_date": "2026-03-26T23:56:53.579000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T13:36:23+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10141"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: vLLM: Remote code execution due to hardcoded trust_remote_code setting"
},
{
"cve": "CVE-2026-32597",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-12T22:01:29.967713+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447194"
}
],
"notes": [
{
"category": "description",
"text": "A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 \u00a74.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 \u00a74.1.11 MUST violation)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32597"
},
{
"category": "external",
"summary": "RHBZ#2447194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32597",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32597"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597"
},
{
"category": "external",
"summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f",
"url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f"
}
],
"release_date": "2026-03-12T21:41:50.427000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T13:36:23+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10141"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 3.3:registry.redhat.io/rhelai3/disk-image-cuda-rhel9@sha256:c60621bae671ef55db3e1f474d78d9ba22109518604dc694d7ef49ef2d240059_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 \u00a74.1.11 MUST violation)"
}
]
}
RHSA-2026:8822
Vulnerability from csaf_redhat - Published: 2026-04-17 18:54 - Updated: 2026-04-23 23:44Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:
python3.11:
* python3.11-3.11.15-4.hum1 (aarch64, x86_64)
* python3.11-debug-3.11.15-4.hum1 (aarch64, x86_64)
* python3.11-devel-3.11.15-4.hum1 (aarch64, x86_64)
* python3.11-idle-3.11.15-4.hum1 (aarch64, x86_64)
* python3.11-libs-3.11.15-4.hum1 (aarch64, x86_64)
* python3.11-test-3.11.15-4.hum1 (aarch64, x86_64)
* python3.11-tkinter-3.11.15-4.hum1 (aarch64, x86_64)
* python3.11-3.11.15-4.hum1.src (src)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.
4.0 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8822
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A zip file handling flaw has been discovered in the python standard library `zipfile` module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8822
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Missing character filtering has been discovered in Python. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.
4.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8822
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in `xml.dom.minidom` methods, such as `appendChild()`, when building excessively nested documents due to a dependency on `_clear_id_cache()`
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8822
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in the http.client module in the Python standard library. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This issue allows a malicious server to cause the client to read large amounts of data into memory, potentially causing memory allocations errors, swapping, out-of-memory conditions or even system freezes.
6.8 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8822
Workaround
Since this vulnerability is triggered when no read amount is specified and the client defaults to using the potentially malicious Content-Length header, developers can mitigate this issue in their code by always imposing an explicit, safe limit on data reads.
Applications using the http.client.HTTPResponse.read function directly can ensure that read operations specify a byte limit:
~~~
...
max_safe_read = 10 * 1024 * 1024
data = response.read(max_safe_read)
...
~~~
A flaw was found in the plistlib module in the Python standard library. The amount of data to read from a Plist file is specified in the file itself. This issue allows a specially crafted Plist file to cause an application to allocate a large amount of memory, potentially resulting in allocations errors, swapping, out-of-memory conditions or even system freezes.
5.9 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8822
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Missing newline filtering has been discovered in Python. User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.
4.8 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8822
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server.
7.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8822
Workaround
To mitigate this vulnerability, ensure that no data passed to the imaplib module contains newline or carriage return characters.
A flaw was found in the poplib module in the Python standard library. The poplib module does not reject control characters, such as newlines, in user-controlled input passed to POP3 commands. This issue allows an attacker to inject additional commands to be executed in the POP3 server.
7.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8822
Workaround
To mitigate this vulnerability, ensure that no data passed to the poplib module contains newline or carriage return characters.
Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers.
4.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8822
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules, allowing an attacker to inject email headers and potentially modify message recipients or the email body, and spoof sender information.
7.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8822
Workaround
To mitigate this issue, applications accepting user-supplied data for email headers should sanitize the input by stripping or rejecting any strings containing carriage return or line feed characters, '\r' or '\n', respectively, preventing malicious sequences that could lead to header manipulation.
A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters (carriage return and line feed) from being included in HTTP client proxy tunnel headers or host fields.
4.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8822
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files (.pyc), does not properly trigger system audit events. This oversight could enable malicious activities to go undetected, compromising the integrity of the system.
CWE-778 - Insufficient Logging
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8822
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update(), |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().
5.4 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8822
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash.
5.9 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8822
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution.
7.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8822
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in Python. A malicious Python process could exploit the "profiling.sampling" module and "asyncio introspection capabilities" to read and write memory addresses within a privileged process. This vulnerability occurs when the privileged process connects to the malicious process via its remote debugging feature, potentially leading to information disclosure and arbitrary code execution. Successful exploitation requires repeated connections, which may cause instability in the connecting process.
6.0 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8822
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in Python's decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.
8.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8822
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\npython3.11:\n * python3.11-3.11.15-4.hum1 (aarch64, x86_64)\n * python3.11-debug-3.11.15-4.hum1 (aarch64, x86_64)\n * python3.11-devel-3.11.15-4.hum1 (aarch64, x86_64)\n * python3.11-idle-3.11.15-4.hum1 (aarch64, x86_64)\n * python3.11-libs-3.11.15-4.hum1 (aarch64, x86_64)\n * python3.11-test-3.11.15-4.hum1 (aarch64, x86_64)\n * python3.11-tkinter-3.11.15-4.hum1 (aarch64, x86_64)\n * python3.11-3.11.15-4.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:8822",
"url": "https://access.redhat.com/errata/RHSA-2026:8822"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-5713",
"url": "https://access.redhat.com/security/cve/CVE-2026-5713"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1299",
"url": "https://access.redhat.com/security/cve/CVE-2026-1299"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-0865",
"url": "https://access.redhat.com/security/cve/CVE-2026-0865"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6075",
"url": "https://access.redhat.com/security/cve/CVE-2025-6075"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13837",
"url": "https://access.redhat.com/security/cve/CVE-2025-13837"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13836",
"url": "https://access.redhat.com/security/cve/CVE-2025-13836"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-11468",
"url": "https://access.redhat.com/security/cve/CVE-2025-11468"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8291",
"url": "https://access.redhat.com/security/cve/CVE-2025-8291"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12084",
"url": "https://access.redhat.com/security/cve/CVE-2025-12084"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15282",
"url": "https://access.redhat.com/security/cve/CVE-2025-15282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4786",
"url": "https://access.redhat.com/security/cve/CVE-2026-4786"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4224",
"url": "https://access.redhat.com/security/cve/CVE-2026-4224"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-3644",
"url": "https://access.redhat.com/security/cve/CVE-2026-3644"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6100",
"url": "https://access.redhat.com/security/cve/CVE-2026-6100"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1502",
"url": "https://access.redhat.com/security/cve/CVE-2026-1502"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2297",
"url": "https://access.redhat.com/security/cve/CVE-2026-2297"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15366",
"url": "https://access.redhat.com/security/cve/CVE-2025-15366"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15367",
"url": "https://access.redhat.com/security/cve/CVE-2025-15367"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8822.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-04-23T23:44:32+00:00",
"generator": {
"date": "2026-04-23T23:44:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2026:8822",
"initial_release_date": "2026-04-17T18:54:19+00:00",
"revision_history": [
{
"date": "2026-04-17T18:54:19+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-23T13:36:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-23T23:44:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-11-main@aarch64",
"product": {
"name": "python3-11-main@aarch64",
"product_id": "python3-11-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.11@3.11.15-4.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-11-main@src",
"product": {
"name": "python3-11-main@src",
"product_id": "python3-11-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.11@3.11.15-4.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-11-main@x86_64",
"product": {
"name": "python3-11-main@x86_64",
"product_id": "python3-11-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.11@3.11.15-4.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-11-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:python3-11-main@aarch64"
},
"product_reference": "python3-11-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-11-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:python3-11-main@src"
},
"product_reference": "python3-11-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-11-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:python3-11-main@x86_64"
},
"product_reference": "python3-11-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-6075",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-31T17:01:47.052517+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2408891"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in Python\u2019s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Quadratic complexity in os.path.expandvars() with user-controlled template",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low rather than Moderate because it only causes a performance inefficiency without affecting code execution, data integrity, or confidentiality. The flaw lies in the algorithmic complexity of os.path.expandvars(), which can become quadratic when processing crafted input containing repetitive or nested environment variable references. Exploitation requires the attacker to control the input string passed to this function, which is uncommon in secure applications. Moreover, the impact is limited to increased CPU utilization and potential slowdown, not system compromise or data manipulation. Since the issue does not introduce memory corruption, privilege escalation, or information disclosure risks, its overall impact scope and exploitability are minimal, justifying a Low severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6075"
},
{
"category": "external",
"summary": "RHBZ#2408891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6075",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6075"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/136065",
"url": "https://github.com/python/cpython/issues/136065"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/"
}
],
"release_date": "2025-10-31T16:41:34.983000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T18:54:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8822"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "python: Quadratic complexity in os.path.expandvars() with user-controlled template"
},
{
"cve": "CVE-2025-8291",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2025-10-07T19:01:23.599055+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402342"
}
],
"notes": [
{
"category": "description",
"text": "A zip file handling flaw has been discovered in the python standard library `zipfile` module. The \u0027zipfile\u0027 module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the \u0027zipfile\u0027 module compared to other ZIP implementations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8291"
},
{
"category": "external",
"summary": "RHBZ#2402342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8291",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8291"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267",
"url": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6",
"url": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/139700",
"url": "https://github.com/python/cpython/issues/139700"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/139702",
"url": "https://github.com/python/cpython/pull/139702"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/"
}
],
"release_date": "2025-10-07T18:10:05.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T18:54:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8822"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked"
},
{
"cve": "CVE-2025-11468",
"cwe": {
"id": "CWE-140",
"name": "Improper Neutralization of Delimiters"
},
"discovery_date": "2026-01-20T22:02:21.862077+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431375"
}
],
"notes": [
{
"category": "description",
"text": "Missing character filtering has been discovered in Python. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Missing character filtering in Python",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-11468"
},
{
"category": "external",
"summary": "RHBZ#2431375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431375"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-11468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11468"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-11468",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11468"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/143935",
"url": "https://github.com/python/cpython/issues/143935"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/143936",
"url": "https://github.com/python/cpython/pull/143936"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/"
}
],
"release_date": "2026-01-20T21:09:11.229000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T18:54:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8822"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Missing character filtering in Python"
},
{
"cve": "CVE-2025-12084",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-03T19:01:03.489250+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418655"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in `xml.dom.minidom` methods, such as `appendChild()`, when building excessively nested documents due to a dependency on `_clear_id_cache()`",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it can lead to a denial of service. The flaw exists in the `xml.dom.minidom` module of cpython, where a quadratic algorithm in methods like `appendChild()` can be triggered when processing excessively nested XML documents. When successfully exploited this may impact the availability of applications utilizing this functionality across affected Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12084"
},
{
"category": "external",
"summary": "RHBZ#2418655",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418655"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12084",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12084"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/142145",
"url": "https://github.com/python/cpython/issues/142145"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/142146",
"url": "https://github.com/python/cpython/pull/142146"
}
],
"release_date": "2025-12-03T18:55:32.222000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T18:54:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8822"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service"
},
{
"cve": "CVE-2025-13836",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-01T19:01:03.091899+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418078"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the http.client module in the Python standard library. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This issue allows a malicious server to cause the client to read large amounts of data into memory, potentially causing memory allocations errors, swapping, out-of-memory conditions or even system freezes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Excessive read buffering DoS in http.client",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue can only be exploited by Python applications using the http.client.HTTPResponse.read function without the amount parameter, which specifies the read size in bytes. Note that Python libraries may use this function internally and make applications vulnerable. Additionally, vulnerable Python applications must connect to a malicious or compromised server that replies with a very large or crafted Content-Length header to trigger this issue, limiting the exposure of this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13836"
},
{
"category": "external",
"summary": "RHBZ#2418078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418078"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13836",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13836"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/119451",
"url": "https://github.com/python/cpython/issues/119451"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/119454",
"url": "https://github.com/python/cpython/pull/119454"
}
],
"release_date": "2025-12-01T18:02:38.483000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T18:54:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8822"
},
{
"category": "workaround",
"details": "Since this vulnerability is triggered when no read amount is specified and the client defaults to using the potentially malicious Content-Length header, developers can mitigate this issue in their code by always imposing an explicit, safe limit on data reads.\n\nApplications using the http.client.HTTPResponse.read function directly can ensure that read operations specify a byte limit:\n\n~~~\n...\nmax_safe_read = 10 * 1024 * 1024\ndata = response.read(max_safe_read)\n...\n~~~",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Excessive read buffering DoS in http.client"
},
{
"cve": "CVE-2025-13837",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-01T19:01:32.492656+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418084"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the plistlib module in the Python standard library. The amount of data to read from a Plist file is specified in the file itself. This issue allows a specially crafted Plist file to cause an application to allocate a large amount of memory, potentially resulting in allocations errors, swapping, out-of-memory conditions or even system freezes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Out-of-memory when loading Plist",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue can only be exploited by Python applications processing malicious or untrusted Plist files, which are not typically done in Linux systems or applications. Furthermore, this flaw can cause only a denial of service with no other security impact. Due to these reasons, this vulnerability has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13837"
},
{
"category": "external",
"summary": "RHBZ#2418084",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418084"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13837",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13837"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13837",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13837"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/119342",
"url": "https://github.com/python/cpython/issues/119342"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/119343",
"url": "https://github.com/python/cpython/pull/119343"
}
],
"release_date": "2025-12-01T18:13:32.739000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T18:54:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8822"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Out-of-memory when loading Plist"
},
{
"cve": "CVE-2025-15282",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-01-20T22:01:20.971828+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431366"
}
],
"notes": [
{
"category": "description",
"text": "Missing newline filtering has been discovered in Python. User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Header injection via newlines in data URL mediatype in Python",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15282"
},
{
"category": "external",
"summary": "RHBZ#2431366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15282"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/143925",
"url": "https://github.com/python/cpython/issues/143925"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/143926",
"url": "https://github.com/python/cpython/pull/143926"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/"
}
],
"release_date": "2026-01-20T21:35:13.865000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T18:54:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8822"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Header injection via newlines in data URL mediatype in Python"
},
{
"cve": "CVE-2025-15366",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2026-01-20T22:01:33.257688+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431368"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: IMAP command injection in user-controlled commands",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to have the privileges required to send malicious input to an application that sends IMAP commands to a server. Additionally, this flaw can allow attackers to manipulate the state of the mailbox (e.g., delete emails, move folders, flag messages) and to potentially read metadata or specific email content, but it does not allow arbitrary code execution or OS command injection. Due to these reasons, this issue has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15366"
},
{
"category": "external",
"summary": "RHBZ#2431368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431368"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15366"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15366",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15366"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/143921",
"url": "https://github.com/python/cpython/issues/143921"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/143922",
"url": "https://github.com/python/cpython/pull/143922"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/DD7C7JZJYTBXMDOWKCEIEBJLBRU64OMR/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/DD7C7JZJYTBXMDOWKCEIEBJLBRU64OMR/"
}
],
"release_date": "2026-01-20T21:40:24.938000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T18:54:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8822"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, ensure that no data passed to the imaplib module contains newline or carriage return characters.",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: IMAP command injection in user-controlled commands"
},
{
"cve": "CVE-2025-15367",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2026-01-20T22:02:09.399038+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431373"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the poplib module in the Python standard library. The poplib module does not reject control characters, such as newlines, in user-controlled input passed to POP3 commands. This issue allows an attacker to inject additional commands to be executed in the POP3 server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: POP3 command injection in user-controlled commands",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to have the privileges required to send malicious input to an application that sends POP3 commands to a server. Additionally, this flaw can allow attackers to manipulate the state of the mailbox (e.g., delete emails) and to potentially read metadata or specific email content, but it does not allow arbitrary code execution or OS command injection. Due to these reasons, this issue has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15367"
},
{
"category": "external",
"summary": "RHBZ#2431373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431373"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15367"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15367",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15367"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/143923",
"url": "https://github.com/python/cpython/issues/143923"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/143924",
"url": "https://github.com/python/cpython/pull/143924"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/CBFBOWVGGUJFSGITQCCBZS4GEYYZ7ZNE/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/CBFBOWVGGUJFSGITQCCBZS4GEYYZ7ZNE/"
}
],
"release_date": "2026-01-20T21:47:09.885000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T18:54:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8822"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, ensure that no data passed to the poplib module contains newline or carriage return characters.",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: POP3 command injection in user-controlled commands"
},
{
"cve": "CVE-2026-0865",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"discovery_date": "2026-01-20T22:01:26.694713+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431367"
}
],
"notes": [
{
"category": "description",
"text": "Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: wsgiref.headers.Headers allows header newline injection in Python",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0865"
},
{
"category": "external",
"summary": "RHBZ#2431367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0865"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0865",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0865"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/143916",
"url": "https://github.com/python/cpython/issues/143916"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/143917",
"url": "https://github.com/python/cpython/pull/143917"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/"
}
],
"release_date": "2026-01-20T21:26:15.274000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T18:54:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8822"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: wsgiref.headers.Headers allows header newline injection in Python"
},
{
"cve": "CVE-2026-1299",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-01-23T17:02:57.343486+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2432437"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules, allowing an attacker to inject email headers and potentially modify message recipients or the email body, and spoof sender information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: email header injection due to unquoted newlines",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue can only be exploitable by Python applications using the LiteralHeader class to write email headers, as it does not respect email folding rules. Additionally, this issue allows attackers to modify message recipients or the email body and spoof sender identity but it does not cause memory corruption or arbitrary code execution. Due to these reasons, this vulnerability has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1299"
},
{
"category": "external",
"summary": "RHBZ#2432437",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2432437"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1299",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1299"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1299",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1299"
},
{
"category": "external",
"summary": "https://cve.org/CVERecord?id=CVE-2024-6923",
"url": "https://cve.org/CVERecord?id=CVE-2024-6923"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413",
"url": "https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/144125",
"url": "https://github.com/python/cpython/issues/144125"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/144126",
"url": "https://github.com/python/cpython/pull/144126"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/"
}
],
"release_date": "2026-01-23T16:27:13.346000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T18:54:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8822"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications accepting user-supplied data for email headers should sanitize the input by stripping or rejecting any strings containing carriage return or line feed characters, \u0027\\r\u0027 or \u0027\\n\u0027, respectively, preventing malicious sequences that could lead to header manipulation.",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: email header injection due to unquoted newlines"
},
{
"cve": "CVE-2026-1502",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-04-10T19:01:07.715197+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457409"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters (carriage return and line feed) from being included in HTTP client proxy tunnel headers or host fields.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Python: HTTP header injection via CR/LF in proxy tunnel headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1502"
},
{
"category": "external",
"summary": "RHBZ#2457409",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457409"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1502",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1502"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1502",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1502"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69",
"url": "https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/146211",
"url": "https://github.com/python/cpython/issues/146211"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/146212",
"url": "https://github.com/python/cpython/pull/146212"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/"
}
],
"release_date": "2026-04-10T17:54:44.121000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T18:54:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8822"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: Python: HTTP header injection via CR/LF in proxy tunnel headers"
},
{
"cve": "CVE-2026-2297",
"cwe": {
"id": "CWE-778",
"name": "Insufficient Logging"
},
"discovery_date": "2026-03-04T23:01:09.396553+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2444691"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files (.pyc), does not properly trigger system audit events. This oversight could enable malicious activities to go undetected, compromising the integrity of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: CPython: Logging Bypass in Legacy .pyc File Handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2297"
},
{
"category": "external",
"summary": "RHBZ#2444691",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444691"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2297",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2297"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e",
"url": "https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e",
"url": "https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86",
"url": "https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/145506",
"url": "https://github.com/python/cpython/issues/145506"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/145507",
"url": "https://github.com/python/cpython/pull/145507"
}
],
"release_date": "2026-03-04T22:10:43.297000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T18:54:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8822"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "cpython: CPython: Logging Bypass in Legacy .pyc File Handling"
},
{
"cve": "CVE-2026-3644",
"cwe": {
"id": "CWE-791",
"name": "Incomplete Filtering of Special Elements"
},
"discovery_date": "2026-03-16T18:02:25.997880+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448168"
}
],
"notes": [
{
"category": "description",
"text": "A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update(), |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Incomplete control character validation in http.cookies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3644"
},
{
"category": "external",
"summary": "RHBZ#2448168",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448168"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3644",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3644"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3644",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3644"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4",
"url": "https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/145599",
"url": "https://github.com/python/cpython/issues/145599"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/145600",
"url": "https://github.com/python/cpython/pull/145600"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/"
}
],
"release_date": "2026-03-16T17:37:31.344000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T18:54:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8822"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Incomplete control character validation in http.cookies"
},
{
"cve": "CVE-2026-4224",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"discovery_date": "2026-03-16T19:01:54.161187+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448181"
}
],
"notes": [
{
"category": "description",
"text": "A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Stack overflow parsing XML with deeply nested DTD content models",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4224"
},
{
"category": "external",
"summary": "RHBZ#2448181",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448181"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4224",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4224"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4224",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4224"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a",
"url": "https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3",
"url": "https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768",
"url": "https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/145986",
"url": "https://github.com/python/cpython/issues/145986"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/145987",
"url": "https://github.com/python/cpython/pull/145987"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/"
}
],
"release_date": "2026-03-16T17:52:26.639000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T18:54:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8822"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Stack overflow parsing XML with deeply nested DTD content models"
},
{
"cve": "CVE-2026-4786",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-04-13T22:01:38.006388+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458049"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing \"%action\" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in the Python `webbrowser.open()` API allows for command injection and arbitrary code execution when processing specially crafted URLs containing \"%action\". This bypasses a previous mitigation for CVE-2026-4519.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4786"
},
{
"category": "external",
"summary": "RHBZ#2458049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4786"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4786",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4786"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/148169",
"url": "https://github.com/python/cpython/issues/148169"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/148170",
"url": "https://github.com/python/cpython/pull/148170"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/"
}
],
"release_date": "2026-04-13T21:52:19.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T18:54:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8822"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API"
},
{
"cve": "CVE-2026-5713",
"cwe": {
"id": "CWE-822",
"name": "Untrusted Pointer Dereference"
},
"discovery_date": "2026-04-14T16:01:58.710183+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458239"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Python. A malicious Python process could exploit the \"profiling.sampling\" module and \"asyncio introspection capabilities\" to read and write memory addresses within a privileged process. This vulnerability occurs when the privileged process connects to the malicious process via its remote debugging feature, potentially leading to information disclosure and arbitrary code execution. Successful exploitation requires repeated connections, which may cause instability in the connecting process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-5713"
},
{
"category": "external",
"summary": "RHBZ#2458239",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458239"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-5713",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5713"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5713",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5713"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/148178",
"url": "https://github.com/python/cpython/issues/148178"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/148187",
"url": "https://github.com/python/cpython/pull/148187"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/OG4RHARYSNIE22GGOMVMCRH76L5HKPLM/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/OG4RHARYSNIE22GGOMVMCRH76L5HKPLM/"
}
],
"release_date": "2026-04-14T15:11:51.122000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T18:54:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8822"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process."
},
{
"cve": "CVE-2026-6100",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-04-13T18:01:31.970255+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457932"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Python\u0027s decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this flaw is somewhat mitigated on Red Hat platforms. By default processes are not executed with root user privilege and are limited in their scope which in turn limits the impact of this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6100"
},
{
"category": "external",
"summary": "RHBZ#2457932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6100",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6100"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6100",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6100"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d",
"url": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2",
"url": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20",
"url": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/148395",
"url": "https://github.com/python/cpython/issues/148395"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/148396",
"url": "https://github.com/python/cpython/pull/148396"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/"
}
],
"release_date": "2026-04-13T17:15:47.606000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T18:54:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8822"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python3-11-main@aarch64",
"Red Hat Hardened Images:python3-11-main@src",
"Red Hat Hardened Images:python3-11-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules"
}
]
}
bit-python-2026-6100
Vulnerability from bitnami_vulndb
Published
2026-04-16 23:50
Modified
2026-04-21 12:33
Summary
Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure
Details
Use-after-free (UAF) was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.
The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a MemoryError is raised during decompression. Using the helper functions to one-shot decompress data such as lzma.decompress(), bz2.decompress(), gzip.decompress(), and zlib.decompress() are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "python",
"purl": "pkg:bitnami/python"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
],
"aliases": [
"CVE-2026-6100"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"
],
"severity": "Critical"
},
"details": "Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.\n\nThe vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.",
"id": "BIT-python-2026-6100",
"modified": "2026-04-21T12:33:30.555Z",
"published": "2026-04-16T23:50:36.926Z",
"references": [
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/13/10"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/47128e64f98c3a20271138a98c2922bea2a3ee0e"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/e20c6c9667c99ecaab96e1a2b3767082841ffc8b"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/issues/148395"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/pull/148396"
},
{
"type": "WEB",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6100"
}
],
"schema_version": "1.6.2",
"summary": "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure"
}
bit-libpython-2026-6100
Vulnerability from bitnami_vulndb
Published
2026-04-16 23:43
Modified
2026-04-21 12:33
Summary
Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure
Details
Use-after-free (UAF) was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.
The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a MemoryError is raised during decompression. Using the helper functions to one-shot decompress data such as lzma.decompress(), bz2.decompress(), gzip.decompress(), and zlib.decompress() are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "libpython",
"purl": "pkg:bitnami/libpython"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
],
"aliases": [
"CVE-2026-6100"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"
],
"severity": "Critical"
},
"details": "Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.\n\nThe vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.",
"id": "BIT-libpython-2026-6100",
"modified": "2026-04-21T12:33:30.555Z",
"published": "2026-04-16T23:43:14.482Z",
"references": [
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/13/10"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/47128e64f98c3a20271138a98c2922bea2a3ee0e"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/e20c6c9667c99ecaab96e1a2b3767082841ffc8b"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/issues/148395"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/pull/148396"
},
{
"type": "WEB",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6100"
}
],
"schema_version": "1.6.2",
"summary": "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure"
}
FKIE_CVE-2026-6100
Vulnerability from fkie_nvd - Published: 2026-04-13 18:16 - Updated: 2026-04-17 15:18
Severity ?
Summary
Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.
The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.
References
| URL | Tags | ||
|---|---|---|---|
| cna@python.org | https://github.com/python/cpython/commit/47128e64f98c3a20271138a98c2922bea2a3ee0e | ||
| cna@python.org | https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d | ||
| cna@python.org | https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2 | ||
| cna@python.org | https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20 | ||
| cna@python.org | https://github.com/python/cpython/commit/e20c6c9667c99ecaab96e1a2b3767082841ffc8b | ||
| cna@python.org | https://github.com/python/cpython/issues/148395 | ||
| cna@python.org | https://github.com/python/cpython/pull/148396 | ||
| cna@python.org | https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2026/04/13/10 |
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.\n\nThe vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable."
}
],
"id": "CVE-2026-6100",
"lastModified": "2026-04-17T15:18:16.507",
"metrics": {
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@python.org",
"type": "Secondary"
}
]
},
"published": "2026-04-13T18:16:31.297",
"references": [
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/commit/47128e64f98c3a20271138a98c2922bea2a3ee0e"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/commit/e20c6c9667c99ecaab96e1a2b3767082841ffc8b"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/issues/148395"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/pull/148396"
},
{
"source": "cna@python.org",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2026/04/13/10"
}
],
"sourceIdentifier": "cna@python.org",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "cna@python.org",
"type": "Secondary"
}
]
}
CERTFR-2026-AVI-0430
Vulnerability from certfr_avis - Published: 2026-04-14 - Updated: 2026-04-14
De multiples vulnérabilités ont été découvertes dans Python. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CPython sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "CPython",
"vendor": {
"name": "Python",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-6100",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6100"
},
{
"name": "CVE-2026-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4786"
}
],
"initial_release_date": "2026-04-14T00:00:00",
"last_revision_date": "2026-04-14T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0430",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Python. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Python",
"vendor_advisories": [
{
"published_at": "2026-04-13",
"title": "Bulletin de s\u00e9curit\u00e9 Python JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/"
},
{
"published_at": "2026-04-13",
"title": "Bulletin de s\u00e9curit\u00e9 Python HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/"
}
]
}
GHSA-PG25-7CX5-CVCM
Vulnerability from github – Published: 2026-04-13 18:30 – Updated: 2026-04-14 15:30
VLAI?
Details
Use-after-free (UAF) was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.
The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a MemoryError is raised during decompression. Using the helper functions to one-shot decompress data such as lzma.decompress(), bz2.decompress(), gzip.decompress(), and zlib.decompress() are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.
Severity ?
{
"affected": [],
"aliases": [
"CVE-2026-6100"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-13T18:16:31Z",
"severity": "CRITICAL"
},
"details": "Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.\n\nThe vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.",
"id": "GHSA-pg25-7cx5-cvcm",
"modified": "2026-04-14T15:30:34Z",
"published": "2026-04-13T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6100"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/issues/148395"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/pull/148396"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/47128e64f98c3a20271138a98c2922bea2a3ee0e"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/e20c6c9667c99ecaab96e1a2b3767082841ffc8b"
},
{
"type": "WEB",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/13/10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…