94 matches found

OSV
added yesterday | 0 views

ROOT-APP-PYPI-CVE-2026-26209 CVE-2026-26209 in rootio-cbor2 - Patched by Root

Root has patched CVE-2026-26209 in the rootio-cbor2 package for Root:PyPI. Multiple fixed versions available...

CVSS 7.5 | AI score 5.8 | EPSS 0.00085
Exploits: 1

OSV
added yesterday | 2 views

ROOT-APP-PYPI-CVE-2025-68131 CVE-2025-68131 in rootio-cbor2 - Patched by Root

Root has patched CVE-2025-68131 in the rootio-cbor2 package for Root:PyPI. Multiple fixed versions available...

CVSS 7.5 | AI score 5.4 | EPSS 0.00019
Exploits: 1

IBM Security Bulletins
added 2026/05/21 2:48 p.m. | 4 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in cbor2 [CVE-2026-26209]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in cbor2, caused by uncontrolled recursion when decoding deeply nested CBOR structures CVE-2026-26209. Cbor2 is used in our speech runtimes. This vulnerability has been addressed. Please read the details for...

CVSS 7.5 | AI score 7 | EPSS 0.00085
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2026/04/27 12:00 a.m. | 2 views

Fedora 44 : python-cbor2 (2026-71677aed1e)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-71677aed1e advisory. Backport upstream patch for CVE-2025-64076 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

CVSS 7.5 | AI score 5.5 | EPSS 0.00195
Exploits: 1 | References: 2

Tenable Nessus
added 2026/04/22 12:00 a.m. | 0 views

Fedora 42 : python-cbor2 (2026-0afc953516)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-0afc953516 advisory. Backport upstream patch for CVE-2025-64076 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

CVSS 7.5 | AI score 5.8 | EPSS 0.00195
Exploits: 1 | References: 2

Tenable Nessus
added 2026/04/21 12:00 a.m. | 0 views

Fedora 43 : python-cbor2 (2026-cd0bb7ac34)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-cd0bb7ac34 advisory. Backport upstream patch for CVE-2025-64076 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

CVSS 7.5 | AI score 5.8 | EPSS 0.00195
Exploits: 1 | References: 2

Tenable Nessus
added 2026/04/10 12:00 a.m. | 3 views

openSUSE 16 Security Update : python-cbor2 (openSUSE-SU-2026:20468-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20468-1 advisory. - CVE-2025-68131: CBORDecoder reuse across trust boundaries can lead to leak of shareable values from previous decode calls via...

CVSS 7.5 | AI score 5.9 | EPSS 0.00085
Exploits: 2 | References: 6

OSV
added 2026/04/07 11:57 a.m. | 2 views

OPENSUSE-SU-2026:20468-1 Security update for python-cbor2

This update for python-cbor2 fixes the following issues: - CVE-2025-68131: CBORDecoder reuse across trust boundaries can lead to leak of shareable values from previous decode calls via attacker-controlled messages bsc1255783. - CVE-2026-26209: uncontrolled recursion via crafted CBOR payloads can...

CVSS 7.5 | AI score 7.1 | EPSS 0.00085
Exploits: 2 | References: 4

OSV
added 2026/04/07 11:57 a.m. | 1 view

SUSE-SU-2026:21139-1 Security update for python-cbor2

This update for python-cbor2 fixes the following issues: - CVE-2025-68131: CBORDecoder reuse across trust boundaries can lead to leak of shareable values from previous decode calls via attacker-controlled messages bsc1255783. - CVE-2026-26209: uncontrolled recursion via crafted CBOR payloads can...

CVSS 7.5 | AI score 5.8 | EPSS 0.00085
Exploits: 2 | References: 5

OPENSUSE Linux
added 2026/03/28 12:00 a.m. | 2 views

python311-cbor2-5.9.0-1.1 on GA media (moderate)

python311-cbor2-5.9.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10425-1 Rating: moderate Cross-References: CVE-2026-26209 CVSS scores: CVE-2026-26209 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-26209 SUSE : 8.7...

CVSS 8.7 | AI score 7.1 | EPSS 0.00085
Exploits: 1

OPENSUSE Linux
added 2026/03/25 12:00 a.m. | 3 views

Security update for python-cbor2 (important)

openSUSE Security Update: Security update for python-cbor2 Announcement ID: openSUSE-SU-2026:0095-1 Rating: important References: 1260367 Cross-References: CVE-2026-26209 CVSS scores: CVE-2026-26209 SUSE: 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Affected Products:...

CVSS 8.7 | AI score 7.1 | EPSS 0.00085
Exploits: 1 | References: 1

OSV
added 2026/03/25 12:00 a.m. | 1 view

OPENSUSE-SU-2026:10425-1 python311-cbor2-5.9.0-1.1 on GA media

These are all security issues fixed in the python311-cbor2-5.9.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 | AI score 7.1 | EPSS 0.00085
Exploits: 1 | References: 1

Tenable Nessus
added 2026/03/25 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-26209

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Versions prior to 5.9.0 are vulnerable to a Denial ...

CVSS 7.5 | AI score 7.1 | EPSS 0.00085
Exploits: 1 | References: 3

vulnersOsv
added 2026/03/23 8:23 p.m. | 2 views

ai-box-lib (>=0.1.0 <=0.1.9), aligned-py (>=0.1.0 <=0.2.0a0) +99 more potentially affected by CVE-2026-26209 via cbor2 (>=4.1.2 <=5.8.0)

cbor2 PYPI version =4.1.2, =0.1.0, =0.1.0, =0.7.0, =0.13.0, =0.0.1, =0.5.5.post5, =0.5.5.post4, =0.1.1, =0.1.0, =0.2.0, =0.10.6, =0.7.1a0, =1.0.7 and more Source cves: CVE-2026-26209 Source advisory: OSV:GHSA-3C37-WWVX-H642...

CVSS 7.5 | AI score 7 | EPSS 0.00085
Exploits: 1

Github Security Blog
added 2026/03/23 8:23 p.m. | 5 views

cbor2 has a Denial of Service via Uncontrolled Recursion in cbor2.loads

Summary - The cbor2 library is vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. - This vulnerability affects both the pure Python implementation and the C extension cbor2. The C extension correctly uses Python's C-API for...

CVSS 7.5 | AI score 7.2 | EPSS 0.00085
Exploits: 1 | References: 6 | Affected Software: 1

RedhatCVE
added 2026/03/23 7:21 p.m. | 1 view

CVE-2026-26209

A flaw was found in cbor2, a library for encoding and decoding Concise Binary Object Representation CBOR data. A remote attacker can exploit this vulnerability by sending a specially crafted CBOR payload containing deeply nested structures. This can cause the application to crash due to...

CVSS 7.5 | AI score 7.1 | EPSS 0.00085
Exploits: 1 | References: 7

NVD
added 2026/03/23 7:16 p.m. | 2 views

CVE-2026-26209

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This vulnerability affects both the...

CVSS 7.5 | EPSS 0.00085
Exploits: 1 | References: 4

UbuntuCve
added 2026/03/23 7:16 p.m. | 2 views

CVE-2026-26209

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This vulnerability affects both the...

CVSS 7.5 | AI score 7.1 | EPSS 0.00085
Exploits: 1 | References: 5

vulnersOsv
added 2026/03/23 6:53 p.m. | 4 views

ai-box-lib (>=0.1.0 <=0.1.9), aligned-py (>=0.1.0 <=0.2.0a0) +91 more potentially affected by CVE-2026-26209 via cbor2 (>=5.0.1 <=5.8.0)

cbor2 PYPI version =5.0.1, =0.1.0, =0.1.0, =0.7.0, =0.13.0, =0.0.1, =0.5.5.post5, =0.5.5.post4, =0.1.1, =0.1.0, =0.2.0, =0.10.6, =0.7.1a0, =1.0.7 and more Source cves: CVE-2026-26209 Source advisory: SNYK:PYTHON-CBOR2-15762225...

CVSS 7.5 | AI score 7 | EPSS 0.00085
Exploits: 1

OSV
added 2026/03/23 6:53 p.m. | 2 views

CVE-2026-26209 cbor2 has a Denial of Service via Uncontrolled Recursion in cbor2.loads

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This vulnerability affects both the...

CVSS 7.5 | AI score 5.9 | EPSS 0.00085
Exploits: 1 | References: 6