CVE-2026-3276

Published: Giu 03, 2026 Last Modified: Giu 03, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,3

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

unicodedata.normalize() can take excessive CPU time when processing
specially crafted Unicode input containing long runs of combining characters
with alternating Canonical Combining Class values.
This affects all normalization forms.

407

Inefficient Algorithmic Complexity

Incomplete

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Availability

Potential Impacts:

Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other)

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: Low

View CWE Details

https://github.com/python/cpython/issues/149079

https://github.com/python/cpython/pull/149080

https://mail.python.org/archives/list/security-announce@pyt…

https://mail.python.org/archives/list/[email protected]/thread/PP5HB…

CVE-2026-3276

Description

Inefficient Algorithmic Complexity

Common Consequences

Applicable Platforms

Iscriviti alla newsletter