RLSA-2026:19176

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

• cpython: wsgiref.headers.Headers allows header newline injection in Python (CVE-2026-0865)

• cpython: CPython: Logging Bypass in Legacy .pyc File Handling (CVE-2026-2297)

• cpython: Incomplete control character validation in http.cookies (CVE-2026-3644)

• cpython: Stack overflow parsing XML with deeply nested DTD content models (CVE-2026-4224)

• python: Python: Command-line option injection in webbrowser.open() via crafted URLs (CVE-2026-4519)

• python: Python: HTTP header injection via CR/LF in proxy tunnel headers (CVE-2026-1502)

• python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100)

• python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786)

• python: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process. (CVE-2026-5713)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.