CPython Vulnerabilities Allow Remote Code Execution
Summary
The German Federal Office for Information Security (BSI) has issued a security advisory regarding multiple vulnerabilities in CPython, with a CVSS base score of 7.7. These vulnerabilities allow authenticated remote attackers to manipulate files or execute arbitrary code on affected systems.
What changed
This advisory from the BSI details high-severity vulnerabilities (CVSS base score 7.7) in CPython versions prior to 3.15.0, affecting Linux, macOS, UNIX, and Windows operating systems. The vulnerabilities enable authenticated remote attackers to manipulate files or execute arbitrary code, posing a significant security risk.
Organizations utilizing CPython should immediately review their installed versions and apply available updates or mitigations. The advisory lists specific product updates for various Linux distributions, including RESF Rocky Linux, Amazon Linux 2, SUSE Linux, Red Hat Enterprise Linux, Ubuntu Linux, Oracle Linux, Fedora Linux, and SUSE openSUSE. Failure to address these vulnerabilities could lead to system compromise and data breaches.
What to do next
- Check installed CPython versions for releases prior to 3.15.0
- Apply available updates or mitigations for affected systems
- Consult specific product update information for Linux distributions
Source document (simplified)
[WID-SEC-2026-0209] Cpython: Multiple vulnerabilities
- CVSS Base Score: 7.7 (high)
- CVSS Temporal Score: 6.7 (medium)
- Remote attack: yes
- Date: 25.01.2026
- Status: UPDATE 13.03.2026
- Mitigation: yes
Affected systems
Operating system
- Linux
- MacOS X
- Other
- UNIX
- Windows
Product description
Python is a general-purpose, usually interpreted, high-level programming language.
Products
UPDATE 10.03.2026
- RESF Rocky Linux
UPDATE 05.03.2026
- Amazon Linux 2
UPDATE 22.02.2026
- SUSE Linux
UPDATE 05.02.2026
- Red Hat Enterprise Linux
- Ubuntu Linux
- Oracle Linux
UPDATE 03.02.2026
- Fedora Linux
UPDATE 01.02.2026
- SUSE openSUSE
25.01.2026
- Open Source Python CPython <3.15.0
Attack
A remote, authenticated attacker can exploit multiple vulnerabilities in Cpython to manipulate files or execute arbitrary code.