CNNVD-202601-3956 Information

CNNVD ID

CNNVD-202601-3956

Related CVE

CVE-2026-1299

• CNNVD Published: 2026-01-23

Description (Chinese)

CPython是Python基金会的一个用C语言实现的Python解释器。 CPython存在安全漏洞，该漏洞源于email module序列化电子邮件时未正确引用换行符，可能导致标头注入。

Description (English)

CPython is a Python interpreter for the Python Foundation in the C language. There is a security loophole in CPython, which stems from the incorrect reference to a line break when email moduule sequenced e-mail, which may lead to a header injection.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Python

Published

2026-01-23

Last Modified

2026-02-24

References

https://cve.org/CVERecord?id=CVE-2024-6923 https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413 https://github.com/python/cpython/issues/144125 https://github.com/python/cpython/pull/144126 https://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/

Patch

https://www.python.org/