CVE-2026-3276

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Jun 03, 2026

Vendor unknown

Description

unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms.

References

https://github.com/python/cpython/issues/149079
https://github.com/python/cpython/pull/149080
https://mail.python.org/archives/list/security-announce@python.org/thread/PP5HB4K7727OBBM76KA2ILID76K3OZGZ/