BIT-PYTHON-2026-3276 Potential DoS via quadratic complexity in unicodedata.normalize()

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

CVE-2026-3276

The CVE concerns Python’s unicodedata.normalize() taking excessive CPU time when given specially crafted Unicode input with long runs of combining characters that have alternating Canonical Combining Class (CCC) values. Affected: the normalize() function across all normalization forms. Root cause...

PSF-2026-25

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

EUVD-2026-34103

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...