OESA-2026-2270 python3 security update

🗓️ 09 May 2026 12:33:41Reported by GoogleType

osv

osv🔗 osv.dev👁 3 Views

Python3 security update fixes Morsel.js_output script injection by encoding cookie values.

Reporter	Title	Published	Views	Family All 72
ATTACKERKB	CVE-2026-6019	22 Apr 202619:28	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : python3.14, python3.14-devel, python3.14-freethreading (ALAS2023-2026-1774)	8 Jun 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2026-1785)	8 Jun 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : python3.13, python3.13-devel, python3.13-freethreading (ALAS2023-2026-1786)	8 Jun 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2026-1821)	8 Jun 202600:00	–	nessus
Tenable Nessus	Photon OS 5.0: Python3 PHSA-2026-5.0-0862	4 Jun 202600:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python3 (SUSE-SU-2026:1715-1)	10 May 202600:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : python39 (SUSE-SU-2026:1818-1)	16 May 202600:00	–	nessus
Tenable Nessus	SUSE SLES12 Security Update : python3 (SUSE-SU-2026:1937-1)	19 May 202600:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : python310 (SUSE-SU-2026:1947-1)	19 May 202600:00	–	nessus

Source	Link
openeuler	www.openeuler.org/zh/security/security-bulletins/detail/
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-6019

09 May 2026 12:48Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.16.1

CVSS 42.1

EPSS0.00229

SSVC

python security cookie handling script injection morsel output base64 encoding