CVE-2026-0864

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Jun 23, 2026

Vendor unknown

Description

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the resulting file could be injected with unexpected keys and values if the attacker controls the written value.

References

https://github.com/python/cpython/commit/5858e42c539dac8394636a6e9b30472b8994851f
https://github.com/python/cpython/issues/143927
https://github.com/python/cpython/pull/151559
https://mail.python.org/archives/list/security-announce@python.org/thread/CV4NE6AFCRJL7XQOHX7J5TSDHUWVWGJS/