Which versions of Python are affected by CVE-2026-40035?

dfir-unfurl versions through 20250810 contain a critical remote code execution vulnerability affecting any organization using this tool in production environments.

Python CVE-2026-40035

Q: What is the CVSS score of CVE-2026-40035?

CVE-2026-40035 has a CVSS 4.0 base score of 9.3 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-20777 CRITICAL

Active Debug Code (CWE-489)

2026-04-08 VulnCheck

GHSA-92wx-pxch-p9px

RCE Python

9.3

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 17, 2026 - 16:07 vuln.today

cvss_changed

EUVD ID Assigned

Apr 08, 2026 - 22:01 euvd

EUVD-2026-20777

Analysis Generated

Apr 08, 2026 - 22:01 vuln.today

CVE Published

Apr 08, 2026 - 21:35 nvd

CRITICAL 9.3

DescriptionNVD

dfir-unfurl through 20250810 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run(), causing any non-empty string to evaluate truthy, allowing attackers to access the Werkzeug debugger and disclose sensitive information or achieve remote code execution.

AnalysisAI

Remote code execution in dfir-unfurl versions through 20250810 via exposed Werkzeug debugger. Improper string-based config parsing enables Flask debug mode by default, allowing unauthenticated remote attackers to access the interactive debugger interface and execute arbitrary Python code or extract sensitive application data including source code, environment variables, and stack traces. …

RemediationAI

Within 24 hours: Identify all systems running dfir-unfurl versions 20250810 and earlier; immediately isolate affected instances from network access or disable Flask debug mode if source code modification is possible. Within 7 days: Contact dfir-unfurl maintainers to confirm patch availability timeline and evaluate alternative DFIR tools if no patch is released. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-40035 vulnerability details – vuln.today

Back

Python CVE-2026-40035

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Python CVE-2026-40035

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code