CVE-2026-0864

Name: CVE-2026-0864
Creator: NVD / NIST
Published: 2026-06-23T18:17:41.243+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 4.1/10EPSS 0.13%

Last modified Jun 25, 2026

This CVE is reserved or awaiting analysis. Details will appear once published by NVD.

Description

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the resulting file could be injected with unexpected keys and values if the attacker controls the written value.

Metrics

CVSS 4.0

4.1/10

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.13%

2.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-74

References

https://github.com/python/cpython/commit/0adb386f6e68eb2e73d32e19f235d012df009528
https://github.com/python/cpython/commit/5858e42c539dac8394636a6e9b30472b8994851f
https://github.com/python/cpython/commit/71f2e02a52d47417a6fd69f456346cd8aa7aca98
https://github.com/python/cpython/commit/aaf850fd333cd89e9aada03d92aaa788a6cb1bb8
https://github.com/python/cpython/issues/143927
https://github.com/python/cpython/pull/151559
https://mail.python.org/archives/list/security-announce@python.org/thread/CV4NE6AFCRJL7XQOHX7J5TSDHUWVWGJS/

Timeline

Published: Jun 23, 2026
Last Modified: Jun 25, 2026
Status: Awaiting Analysis

Are you affected by CVE-2026-0864?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST