PYSEC-2026-806

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/eth-account/PYSEC-2026-806.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-806
Aliases
Published
2026-07-06T08:03:32.122936Z
Modified
2026-07-07T11:45:45.530149241Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Regular expression denial of service in eth-account
Details

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encodestructureddata method

References

Affected packages

PyPI / eth-account

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.5.9

Affected versions

0.*
0.1.0a1
0.1.0a2
0.2.0a0
0.2.0
0.2.1
0.2.2
0.2.3
0.3.0
0.4.0
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.5.8

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/eth-account/PYSEC-2026-806.yaml"