When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the resulting file could be injected with unexpected keys and values if the attacker controls the written value.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/0xxx/CVE-2026-0864.json",
"cna_assigner": "PSF",
"unresolved_ranges": [
{
"extracted_events": [
{
"fixed": "3.15.0"
}
],
"source": "AFFECTED_FIELD"
}
]
}