Vulnerability in Python Software Foundation Cpython

CVE-2026-0864

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the resulting file could be injected with unexpected keys and values if the attacker controls the writ…

Affected products

Python Software Foundation Cpython — versions 0

Weakness classification (CWE)

CWE-74 — Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)

References

cna@python.org (patch)
cna@python.org (issue-tracking)
cna@python.org (patch)
cna@python.org (vendor-advisory)