RockyLinux 10 : python3.12 (RLSA-2026:19064)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19064 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375...

RLSA-2026:19176 Important: python3.14 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

python3.14 security update

An update is available for python3.14. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

python3.12 security update

An update is available for python3.12. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming languag...

PT-2026-42621

Summary The refresh-token cookie was set with httpOnly: true but missing both the secure flag and the sameSite attribute. Over plain HTTP the cookie could be intercepted on the network; without sameSite, browsers attached it to cross-site POSTs, enabling CSRF against the token-refresh endpoint...

cpython: Incomplete control character validation in http.cookies

A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update, |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...

cpython: Incomplete control character validation in http.cookies

A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update, |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...

cpython: Header injection in http.cookies.Morsel in Python

An injection flaw has been discovered in Python. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...

CLSA-2026-1779213441 python3.11: Fix of 11 CVEs

CVE-2026-4224: avoid unbound C recursion in convcontentmodel in pyexpat - CVE-2026-3644: reject control characters in http.cookies.Morsel.update - CVE-2026-0672: reject control characters in http.cookies.Morsel - CVE-2025-8291: check consistency of zip64 end of central directory record -...

Important: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

cpython: Incomplete control character validation in http.cookies

A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update, |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...

ALSA-2026:19177 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

[SECURITY] [DLA 4583-1] python3.9 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4583-1 [email protected] https://www.debian.org/lts/security/ Arnaud Rebillout May 15, 2026 https://wiki.debian.org/LTS -...

ROS-20260505-73-0053

A vulnerability in the http.cookies.Morsel component of the Python programming language interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability could allow a remote attacker to affect the availability of protected information...

ROS-20260505-73-0010

A vulnerability in the http.cookies library of the Python programming language interpreter CPython is related to improper encoding or escaping of output data. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality and integrity of protected information...

ROS-20260505-73-0013

A vulnerability in the http.cookies library of the Python programming language interpreter CPython is related to improper encoding or escaping of output data. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality and integrity of protected information...

ROS-20260505-73-0011

A vulnerability in the http.cookies library of the Python programming language interpreter CPython is related to improper encoding or escaping of output data. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality and integrity of protected information...

Astra Linux - уязвимость в python3.11, python2.7, python3.7

There is a low-severity vulnerability affecting CPython, specifically the ‘http.cookies’ standard library module. When parsing cookies where quoted characters are represented using backslashes, the parser uses an algorithm with quadratic complexity, resulting in excessive CPU resources being...

Amazon Linux 2023 : python3.14, python3.14-devel, python3.14-freethreading (ALAS2023-2026-1617)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1617 advisory. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, a...