Cpython
Monthly
CPython's tarfile.extract() silently bypasses the 'filter' parameter when processing hardlinks within tar archives, writing files with attacker-controlled uid/gid values despite the caller specifying filter='data' for security. Systems that extract content from untrusted tar archives while relying on this filter mechanism for ownership hardening are left with unexpected file ownership on extracted hardlinks. No active exploitation has been confirmed (not in CISA KEV) and no public proof-of-concept is available at time of analysis; the CVSS 4.0 score of 2.0 reflects the narrow, low-impact nature of the flaw.
Denial of service in CPython's tarfile module allows remote attackers to trigger an infinite loop by supplying a crafted tar archive opened in streaming mode (mode='r|'). The seek() routine fails to detect EOF and keeps requesting bufsize reads of empty data when a TarInfo header declares a size far larger than the actual stream, exhausting CPU on any Python service that parses untrusted tar streams. No public exploit identified at time of analysis, but the upstream fix and a reproducer test case are both published on GitHub.
Config file injection in CPython's configparser module allows an attacker who controls multi-line values written via configparser.write() to smuggle arbitrary keys and values into the resulting INI-style configuration file by embedding carriage return (\r) characters. All CPython versions are listed as affected per the NVD CPE wildcard, and any Python application that writes attacker-influenced data to config files via configparser is a candidate target. No public exploit has been identified at time of analysis; CVSS 4.0 scores this at 4.1 (Medium) with high privilege requirements and specific attack conditions.
Path traversal in CPython's tarfile module allows a crafted tar archive to bypass the 'data' and 'tar' extraction filters and create a symlink pointing outside the destination directory, enabling out-of-destination file reads or writes when extractall() is later used or the resulting symlink is followed. The flaw is an incomplete fix of CVE-2025-4330: a hardlink referencing a symlink stored at a deeper path than the hardlink itself causes the fallback to validate the symlink at its archived (deep) location but recreate it at the hardlink's shallower path, making a previously 'contained' relative target escape the extraction root. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Privilege escalation in CPython on Windows enables a low-privileged local user to hijack the module search path of a more-privileged Python process running from a legacy all-users installation, enabling arbitrary code execution under an elevated context. The root cause is a VPATH-based fallback landmark mechanism compiled into release builds: on Windows, VPATH resolves two directory levels above PCbuild/, placing the Modules/Setup.local landmark outside the install directory in a location writable by unprivileged users under the legacy EXE installer's default all-users path. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV; however, high confidentiality and integrity impact (VC:H/VI:H) reflect the ability to fully substitute Python's module loading path.
Stack-based buffer overflow in CPython's bz2.BZ2Decompressor allows remote attackers to crash Python applications by sending crafted bzip2 data when the application reuses the decompressor object after catching a prior OSError. The flaw stems from libbz2's internal state being left inconsistent after a decompression error, and reuse causes out-of-bounds writes to a stack buffer. No public exploit identified at time of analysis and the issue is not in CISA KEV; the practical impact is denial of service against Python services that process untrusted bzip2 streams.
Path traversal in CPython's tarfile module allows malicious tar archives to bypass the data_filter safety mechanism and write files to arbitrary locations outside the intended extraction directory. When an application or user calls tarfile.extractall() with the data filter active, specially crafted symlinks using empty names, directory-like names, or trailing slashes can redirect subsequent archive members through attacker-controlled paths, subject to the permissions of the extracting process. No public exploit has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog, but the attack vector is network-accessible and requires only that a victim initiate extraction of a crafted archive (UI:A).
Denial-of-service via quadratic algorithmic complexity in CPython's unicodedata.normalize() affects all CPython versions when processing attacker-controlled Unicode strings. The canonical ordering step during Unicode normalization used an insertion sort algorithm with O(n²) time complexity, which degrades severely when input contains long runs of combining characters with alternating Canonical Combining Class (CCC) values. An unauthenticated remote attacker can cause excessive CPU consumption by submitting small crafted payloads (e.g., 65 characters) to any service that passes untrusted input to unicodedata.normalize(). No public exploit code or CISA KEV listing exists at time of analysis.
Server-Side Request Forgery in CPython's ftplib module allows a malicious FTP source server to redirect a target FTP server's data connection to an arbitrary internal host by supplying an attacker-controlled IP address and port in its PASV response. The ftpcp() function - used to copy files directly between two FTP servers - was inadvertently excluded from the CVE-2021-4189 fix that already hardened FTP.makepasv() against this class of SSRF. Affecting CPython versions prior to 3.15.0, no public exploit has been identified at time of analysis, and EPSS at 0.04% (12th percentile) signals low exploitation probability; the vulnerability is not listed in CISA KEV.
XML parsers in CPython's xml.parsers.expat and xml.etree.ElementTree modules use insufficient entropy for Expat hash-flooding protection, allowing crafted XML documents to trigger algorithmic complexity attacks (hash flooding) that degrade parser performance. Remote attackers can exploit this with complex XML payloads to cause denial of service. Mitigation requires both updating libexpat to 2.8.0 or later and applying the CPython patch, as confirmed by Python Software Foundation security advisory.
CPython's http.cookies.Morsel.js_output() method generates inline script snippets that fail to neutralize the HTML parser-sensitive sequence </script>, allowing attackers with high privilege levels to inject arbitrary JavaScript by crafting malicious cookie values. While the method escapes double quotes for JavaScript string context, it does not prevent premature termination of the script element through </script> injection, resulting in limited information disclosure. The vendor has released patches addressing this inadequate escaping mechanism through base64-encoding of cookie values.
Command injection in CPython's webbrowser.open() API bypasses previous CVE-2026-4519 mitigation via specially crafted URLs containing '%action' patterns. All CPython versions prior to 3.15.0 are affected, allowing local attackers with user interaction to execute arbitrary commands through underlying shell injection. EPSS probability is low (0.02%, 5th percentile), no active exploitation confirmed (not in CISA KEV), but publicly available patches exist via multiple GitHub commits. The incomplete mitigation highlights the challenge of securing browser-handling code across diverse browser implementations.
CPython decompression modules (lzma, bz2, gzip) allow memory corruption via use-after-free when decompressor instances are reused after MemoryError exceptions under memory pressure. Affects all CPython versions before 3.15.0. Exploitation requires network-accessible Python service that decompresses attacker-controlled data, operates under memory constraints, and reuses decompressor objects across multiple operations-a narrow but realistic scenario in containerized environments or resource-limited systems. No active exploitation confirmed (EPSS 0.05%, not in CISA KEV). Patch available via CPython 3.15.0.
The webbrowser.open() API in CPython accepts URLs with leading dashes, which certain web browsers interpret as command-line options rather than URLs, potentially leading to unintended command execution or information disclosure. This affects all CPython versions using the vulnerable webbrowser module. An attacker can craft a malicious URL containing leading dashes (e.g., '-P' or '--profile') that, when passed to webbrowser.open(), may trigger browser-specific behavior such as loading alternate profiles or executing browser commands, resulting in information disclosure or other security impacts.
The pkgutil.get_data() function in CPython fails to properly validate the resource argument, enabling path traversal attacks that allow unauthorized information disclosure. This vulnerability affects CPython across multiple versions and could permit attackers to read arbitrary files from the system where Python code is executing. A patch is available from the Python Software Foundation, and the vulnerability has been documented with proof-of-concept references in the official CPython repository.
CPython's tarfile.extract() silently bypasses the 'filter' parameter when processing hardlinks within tar archives, writing files with attacker-controlled uid/gid values despite the caller specifying filter='data' for security. Systems that extract content from untrusted tar archives while relying on this filter mechanism for ownership hardening are left with unexpected file ownership on extracted hardlinks. No active exploitation has been confirmed (not in CISA KEV) and no public proof-of-concept is available at time of analysis; the CVSS 4.0 score of 2.0 reflects the narrow, low-impact nature of the flaw.
Denial of service in CPython's tarfile module allows remote attackers to trigger an infinite loop by supplying a crafted tar archive opened in streaming mode (mode='r|'). The seek() routine fails to detect EOF and keeps requesting bufsize reads of empty data when a TarInfo header declares a size far larger than the actual stream, exhausting CPU on any Python service that parses untrusted tar streams. No public exploit identified at time of analysis, but the upstream fix and a reproducer test case are both published on GitHub.
Config file injection in CPython's configparser module allows an attacker who controls multi-line values written via configparser.write() to smuggle arbitrary keys and values into the resulting INI-style configuration file by embedding carriage return (\r) characters. All CPython versions are listed as affected per the NVD CPE wildcard, and any Python application that writes attacker-influenced data to config files via configparser is a candidate target. No public exploit has been identified at time of analysis; CVSS 4.0 scores this at 4.1 (Medium) with high privilege requirements and specific attack conditions.
Path traversal in CPython's tarfile module allows a crafted tar archive to bypass the 'data' and 'tar' extraction filters and create a symlink pointing outside the destination directory, enabling out-of-destination file reads or writes when extractall() is later used or the resulting symlink is followed. The flaw is an incomplete fix of CVE-2025-4330: a hardlink referencing a symlink stored at a deeper path than the hardlink itself causes the fallback to validate the symlink at its archived (deep) location but recreate it at the hardlink's shallower path, making a previously 'contained' relative target escape the extraction root. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Privilege escalation in CPython on Windows enables a low-privileged local user to hijack the module search path of a more-privileged Python process running from a legacy all-users installation, enabling arbitrary code execution under an elevated context. The root cause is a VPATH-based fallback landmark mechanism compiled into release builds: on Windows, VPATH resolves two directory levels above PCbuild/, placing the Modules/Setup.local landmark outside the install directory in a location writable by unprivileged users under the legacy EXE installer's default all-users path. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV; however, high confidentiality and integrity impact (VC:H/VI:H) reflect the ability to fully substitute Python's module loading path.
Stack-based buffer overflow in CPython's bz2.BZ2Decompressor allows remote attackers to crash Python applications by sending crafted bzip2 data when the application reuses the decompressor object after catching a prior OSError. The flaw stems from libbz2's internal state being left inconsistent after a decompression error, and reuse causes out-of-bounds writes to a stack buffer. No public exploit identified at time of analysis and the issue is not in CISA KEV; the practical impact is denial of service against Python services that process untrusted bzip2 streams.
Path traversal in CPython's tarfile module allows malicious tar archives to bypass the data_filter safety mechanism and write files to arbitrary locations outside the intended extraction directory. When an application or user calls tarfile.extractall() with the data filter active, specially crafted symlinks using empty names, directory-like names, or trailing slashes can redirect subsequent archive members through attacker-controlled paths, subject to the permissions of the extracting process. No public exploit has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog, but the attack vector is network-accessible and requires only that a victim initiate extraction of a crafted archive (UI:A).
Denial-of-service via quadratic algorithmic complexity in CPython's unicodedata.normalize() affects all CPython versions when processing attacker-controlled Unicode strings. The canonical ordering step during Unicode normalization used an insertion sort algorithm with O(n²) time complexity, which degrades severely when input contains long runs of combining characters with alternating Canonical Combining Class (CCC) values. An unauthenticated remote attacker can cause excessive CPU consumption by submitting small crafted payloads (e.g., 65 characters) to any service that passes untrusted input to unicodedata.normalize(). No public exploit code or CISA KEV listing exists at time of analysis.
Server-Side Request Forgery in CPython's ftplib module allows a malicious FTP source server to redirect a target FTP server's data connection to an arbitrary internal host by supplying an attacker-controlled IP address and port in its PASV response. The ftpcp() function - used to copy files directly between two FTP servers - was inadvertently excluded from the CVE-2021-4189 fix that already hardened FTP.makepasv() against this class of SSRF. Affecting CPython versions prior to 3.15.0, no public exploit has been identified at time of analysis, and EPSS at 0.04% (12th percentile) signals low exploitation probability; the vulnerability is not listed in CISA KEV.
XML parsers in CPython's xml.parsers.expat and xml.etree.ElementTree modules use insufficient entropy for Expat hash-flooding protection, allowing crafted XML documents to trigger algorithmic complexity attacks (hash flooding) that degrade parser performance. Remote attackers can exploit this with complex XML payloads to cause denial of service. Mitigation requires both updating libexpat to 2.8.0 or later and applying the CPython patch, as confirmed by Python Software Foundation security advisory.
CPython's http.cookies.Morsel.js_output() method generates inline script snippets that fail to neutralize the HTML parser-sensitive sequence </script>, allowing attackers with high privilege levels to inject arbitrary JavaScript by crafting malicious cookie values. While the method escapes double quotes for JavaScript string context, it does not prevent premature termination of the script element through </script> injection, resulting in limited information disclosure. The vendor has released patches addressing this inadequate escaping mechanism through base64-encoding of cookie values.
Command injection in CPython's webbrowser.open() API bypasses previous CVE-2026-4519 mitigation via specially crafted URLs containing '%action' patterns. All CPython versions prior to 3.15.0 are affected, allowing local attackers with user interaction to execute arbitrary commands through underlying shell injection. EPSS probability is low (0.02%, 5th percentile), no active exploitation confirmed (not in CISA KEV), but publicly available patches exist via multiple GitHub commits. The incomplete mitigation highlights the challenge of securing browser-handling code across diverse browser implementations.
CPython decompression modules (lzma, bz2, gzip) allow memory corruption via use-after-free when decompressor instances are reused after MemoryError exceptions under memory pressure. Affects all CPython versions before 3.15.0. Exploitation requires network-accessible Python service that decompresses attacker-controlled data, operates under memory constraints, and reuses decompressor objects across multiple operations-a narrow but realistic scenario in containerized environments or resource-limited systems. No active exploitation confirmed (EPSS 0.05%, not in CISA KEV). Patch available via CPython 3.15.0.
The webbrowser.open() API in CPython accepts URLs with leading dashes, which certain web browsers interpret as command-line options rather than URLs, potentially leading to unintended command execution or information disclosure. This affects all CPython versions using the vulnerable webbrowser module. An attacker can craft a malicious URL containing leading dashes (e.g., '-P' or '--profile') that, when passed to webbrowser.open(), may trigger browser-specific behavior such as loading alternate profiles or executing browser commands, resulting in information disclosure or other security impacts.
The pkgutil.get_data() function in CPython fails to properly validate the resource argument, enabling path traversal attacks that allow unauthorized information disclosure. This vulnerability affects CPython across multiple versions and could permit attackers to read arbitrary files from the system where Python code is executing. A patch is available from the Python Software Foundation, and the vulnerability has been documented with proof-of-concept references in the official CPython repository.