python3.14-libs (AlmaLinux:9) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:9 package python3.14-libs, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (9)
CVE-2026-6100 — CVSS 8.1 (high): Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails…
CVE-2026-4224 — CVSS 7.5 (high): When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content…
CVE-2026-3644 — CVSS 7.5 (high): The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and…
CVE-2026-4786 — CVSS 7.1 (high): Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the…
CVE-2026-0865: User-controlled header names and values containing newlines can allow injecting HTTP headers.
CVE-2026-1502: CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.
CVE-2026-2297: The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and…
CVE-2026-5713: The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m…
CVE-2026-4519 — CVSS 3.3 (low): The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers…