CVE-2026-3276

Vulnerability Description

unicodedata.normalize() can take excessive CPU time when processing
specially crafted Unicode input containing long runs of combining characters
with alternating Canonical Combining Class values.
This affects all normalization forms.

Vulnerability Details

Published Date

June 03, 2026

Last Modified

June 03, 2026

CWE ID

CWE-407

Source

NVD

External References

https://github.com/python/cpython/issues/149079
https://github.com/python/cpython/pull/149080
https://mail.python.org/archives/list/security-announce@python.org/thread/PP5HB4K7727OBBM76KA2ILID76K3OZGZ/

CVE-2026-3276

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment