CVE-2026-0864

Vulnerability Description

When using the "configparser" module to write configuration files
containing multi-line text values with carriage return characters (\r) the
resulting file could be injected with unexpected keys and values if the
attacker controls the written value.

Vulnerability Details

Published Date

June 23, 2026

Last Modified

June 23, 2026

CWE ID

CWE-74

Source

NVD

External References

https://github.com/python/cpython/commit/5858e42c539dac8394636a6e9b30472b8994851f
https://github.com/python/cpython/issues/143927
https://github.com/python/cpython/pull/151559
https://mail.python.org/archives/list/security-announce@python.org/thread/CV4NE6AFCRJL7XQOHX7J5TSDHUWVWGJS/

CVE-2026-0864

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment