94 matches found
ROOT-APP-PYPI-CVE-2025-68131 CVE-2025-68131 in rootio-cbor2 - Patched by Root
Root has patched CVE-2025-68131 in the rootio-cbor2 package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-26209 CVE-2026-26209 in rootio-cbor2 - Patched by Root
Root has patched CVE-2026-26209 in the rootio-cbor2 package for Root:PyPI. Multiple fixed versions available...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in cbor2 [CVE-2026-26209]
Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in cbor2, caused by uncontrolled recursion when decoding deeply nested CBOR structures (CVE-2026-26209). Cbor2 is used in our speech runtimes. This vulnerability has been addressed. Please read the details for...
Fedora 44 : python-cbor2 (2026-71677aed1e)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-71677aed1e advisory. Backport upstream patch for CVE-2025-64076 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
Fedora 42 : python-cbor2 (2026-0afc953516)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-0afc953516 advisory. Backport upstream patch for CVE-2025-64076 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
Fedora 43 : python-cbor2 (2026-cd0bb7ac34)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-cd0bb7ac34 advisory. Backport upstream patch for CVE-2025-64076 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
openSUSE 16 Security Update : python-cbor2 (openSUSE-SU-2026:20468-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20468-1 advisory. - CVE-2025-68131: CBORDecoder reuse across trust boundaries can lead to leak of shareable values from previous decode calls via...
OPENSUSE-SU-2026:20468-1 Security update for python-cbor2
This update for python-cbor2 fixes the following issues: - CVE-2025-68131: CBORDecoder reuse across trust boundaries can lead to leak of shareable values from previous decode calls via attacker-controlled messages bsc1255783. - CVE-2026-26209: uncontrolled recursion via crafted CBOR payloads can...
SUSE-SU-2026:21139-1 Security update for python-cbor2
This update for python-cbor2 fixes the following issues: - CVE-2025-68131: CBORDecoder reuse across trust boundaries can lead to leak of shareable values from previous decode calls via attacker-controlled messages bsc1255783. - CVE-2026-26209: uncontrolled recursion via crafted CBOR payloads can...
python311-cbor2-5.9.0-1.1 on GA media (moderate)
python311-cbor2-5.9.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10425-1 Rating: moderate Cross-References: CVE-2026-26209 CVSS scores: CVE-2026-26209 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-26209 SUSE : 8.7...
Linux Distros Unpatched Vulnerability : CVE-2026-26209
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Versions prior to 5.9.0 are vulnerable to a Denial ...
Security update for python-cbor2 (important)
openSUSE Security Update: Security update for python-cbor2 Announcement ID: openSUSE-SU-2026:0095-1 Rating: important References: 1260367 Cross-References: CVE-2026-26209 CVSS scores: CVE-2026-26209 SUSE: 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Affected Products:...
OPENSUSE-SU-2026:10425-1 python311-cbor2-5.9.0-1.1 on GA media
These are all security issues fixed in the python311-cbor2-5.9.0-1.1 package on the GA media of openSUSE Tumbleweed...
ai-box-lib (>=0.1.0 <=0.1.9), aligned-py (>=0.1.0 <=0.2.0a0) +88 more potentially affected by CVE-2026-26209 via cbor2 (>=4.1.2 <=5.8.0)
cbor2 PYPI version =4.1.2, =0.1.0, =0.1.0, =0.13.0, =0.5.5.post5, =0.5.5.post4, =0.2.0, =0.10.6, =0.7.1a0, =0.1.0, =2.0.1, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2026-26209 Source advisory: OSV:GHSA-3C37-WWVX-H642...
cbor2 has a Denial of Service via Uncontrolled Recursion in cbor2.loads
Summary - The cbor2 library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. - This vulnerability affects both the pure Python implementation and the C extension cbor2. The C extension correctly uses Python's C-API for...
CVE-2026-26209
A flaw was found in cbor2, a library for encoding and decoding Concise Binary Object Representation (CBOR) data. A remote attacker can exploit this vulnerability by sending a specially crafted CBOR payload containing deeply nested structures. This can cause the application to crash due to...
CVE-2026-26209
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This vulnerability affects both the...
Allocation of Resources Without Limits or Throttling
Overview cbor2 is a CBOR deserializer with extensive tag support Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the decoding of CBOR payloads. An attacker can cause the application to crash by submitting deeply nested input that trigger...
CVE-2026-26209 cbor2 has a Denial of Service via Uncontrolled Recursion in cbor2.loads
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This vulnerability affects both the...