Python Packaging and CPython Flaws Enable Privilege Escalation and Security Bypass
dCERT issued advisories for two Python-related vulnerabilities affecting Red Hat Enterprise Linux and CPython. One advisory warns that a flaw in python-wheel on Red Hat Enterprise Linux can allow privilege escalation and arbitrary code execution, creating a path for attackers to gain elevated access and run malicious code on affected systems.
A second dCERT advisory reports a CPython vulnerability that can bypass security measures, indicating that protections relying on expected interpreter behavior may be undermined on vulnerable deployments. Together, the advisories highlight risk across both the Python runtime and packaging ecosystem, with potential impact ranging from weakened defensive controls to full code execution on enterprise Linux environments.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
11 events from the most recent confirmed update back to the earliest known activity.
dCERT publishes CPython data manipulation vulnerability advisory
dCERT issued Advisory 2026-1492 for CPython, describing a vulnerability that could allow manipulation of data. The advisory was published on 2026-05-15.
dCERT publishes CPython denial-of-service vulnerability advisory
dCERT issued Advisory 2026-1444 for CPython, describing a vulnerability that could allow denial of service. The advisory was published on 2026-05-12.
dCERT publishes CPython unspecified attack vulnerability advisory
dCERT issued Advisory 2026-1198 for CPython, describing a vulnerability that could allow an unspecified attack. The advisory was published on 2026-04-22.
dCERT publishes CPython data manipulation vulnerability advisory
dCERT issued Advisory 2026-1093 for CPython, describing a vulnerability that could allow manipulation of data. The advisory was published on 2026-04-15.
dCERT publishes CPython multiple vulnerabilities advisory
dCERT issued Advisory 2026-1066 for CPython, describing multiple vulnerabilities. The advisory was published on 2026-04-14.
dCERT publishes CPython multiple vulnerabilities advisory
dCERT issued Advisory 2026-1045 for CPython, describing multiple vulnerabilities. The advisory was published on 2026-04-13.
dCERT publishes CPython denial-of-service vulnerability advisory
dCERT issued Advisory 2025-2548 for CPython, describing a vulnerability that could allow denial of service. The advisory was published on 2026-01-01.
dCERT publishes Python code execution vulnerability advisory
dCERT issued Advisory 2026-0802 for Python, describing a vulnerability that could allow code execution. The advisory was published by dCERT on 2026-03-23.
dCERT publishes CPython file manipulation vulnerability advisory
dCERT issued Advisory 2026-0709 for CPython, describing a vulnerability that could allow manipulation of files. The advisory was published on 2026-03-13.
dCERT publishes CPython security bypass vulnerability advisory
dCERT issued Advisory 2026-0599 for CPython, describing a vulnerability that could allow bypassing security measures.
dCERT publishes Red Hat Enterprise Linux python-wheel vulnerability advisory
dCERT issued Advisory 2026-0298 for Red Hat Enterprise Linux (python-wheel), describing a vulnerability that could allow privilege escalation and code execution.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
11 references tracked. Mallory keeps watching after this page renders.
dCERT - Advisory 2026-1492 - CPython: Vulnerability allows manipulation of data
dcert.de
Open sourcedCERT - Advisory 2026-1444 - CPython: Vulnerability allows Denial of Service
dcert.de
Open sourcedCERT - Advisory 2026-1198 - CPython: Vulnerability allows unspecified attack
dcert.de
Open sourcedCERT - Advisory 2026-1093 - CPython: Vulnerability allows manipulation of data
dcert.de
Open sourcedCERT - Advisory 2026-0709 - CPython: Vulnerability allows manipulation of files
dcert.de
Open sourcedCERT - Advisory 2026-0599 - CPython: Vulnerability allows bypassing security measures
dcert.de
Open sourcedCERT - Advisory 2026-0298 - Red Hat Enterprise Linux (python-wheel): Vulnerability allows privilege escalation and code execution
dcert.de
Open sourcedCERT - Advisory 2025-2548 - cPython: Vulnerability allows Denial of Service
dcert.de
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
CPython Flaws Expose Proxy Header Injection and Remote Debug Memory Corruption
CPython disclosed two medium-severity vulnerabilities affecting distinct parts of the runtime and tooling. **CVE-2026-1502** allows CR/LF bytes to pass through HTTP client proxy tunnel header or host handling, creating a header-injection risk in proxy tunnel scenarios. The issue was published through Python security channels and the `oss-sec` mailing list, with remediation details tracked in the CVE record and an associated CPython pull request. A second flaw, **CVE-2026-5713**, affects CPython remote debugging and introspection features and can trigger out-of-bounds read and write behavior when a privileged Python process connects to a malicious or compromised Python target. The bug impacts newer capabilities including `profiling.sampling` in Python 3.15+ and asyncio inspection commands such as ``` python -m asyncio ps python -m asyncio pstree ``` in Python 3.14+, and exploitation is expected to be unstable because the connecting process is likely to crash under ASLR.
Apr 15, 2026
Red Hat Enterprise Linux Packages Patched for urllib3 and Python Protobuf DoS Flaws
Red Hat Enterprise Linux users were alerted to multiple package-level vulnerabilities that can cause denial of service, affecting both **`urllib3`** and **Python Protobuf** components distributed for the platform. One advisory reported multiple flaws in **`urllib3`** that could be abused to disrupt application availability, while a separate advisory identified a denial-of-service vulnerability in **Python Protobuf**. The notices indicate that the impact is centered on service interruption rather than code execution, but the affected libraries are widely used in Python-based applications and backend services on Red Hat Enterprise Linux systems. Organizations running exposed or business-critical workloads that depend on these packages should prioritize reviewing installed versions, applying Red Hat-provided updates, and validating that dependent applications remain stable after remediation.
Mar 27, 2026
Python fixes code execution and package confusion flaws in install manager and pip
Python disclosed **CVE-2026-5271**, a medium-severity flaw in the Python install manager that affects script alias entrypoints generated by version `26.0`. The bug could leave the search path empty, allowing a Python module in the current working directory to override the intended module and execute code as the user. Python said the issue is fixed in version `26.1`, noted that versions prior to `26.0` are not affected, and advised users to update and regenerate vulnerable aliases with: ```bash py install --refresh ``` A separate medium-severity issue, **CVE-2026-3219**, was disclosed in `pip` for its handling of concatenated TAR and ZIP archives. `pip` treated concatenated TAR/ZIP files as ZIP archives regardless of filename or whether the file could be interpreted as both formats, creating confusing installation results and potentially installing files that did not match the expected archive type. The fix changes `pip` so installation proceeds only when an archive is uniquely identified as either ZIP or TAR, reducing the risk of ambiguous package handling in Python software distribution workflows.
Apr 20, 2026