{ "threat_severity" : "Moderate", "public_date" : "2026-01-23T16:27:13Z", "bugzilla" : { "description" : "cpython: email header injection due to unquoted newlines", "id" : "2432437", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2432437" }, "cvss3" : { "cvss3_base_score" : "7.1", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "status" : "verified" }, "cwe" : "CWE-93", "details" : [ "The \nemail module, specifically the \"BytesGenerator\" class, didn’t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\nis serialized. This is only applicable if using \"LiteralHeader\" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in \"BytesGenerator\".", "A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules, allowing an attacker to inject email headers and potentially modify message recipients or the email body, and spoof sender information." ], "statement" : "This issue can only be exploitable by Python applications using the LiteralHeader class to write email headers, as it does not respect email folding rules. Additionally, this issue allows attackers to modify message recipients or the email body and spoof sender identity but it does not cause memory corruption or arbitrary code execution. Due to these reasons, this vulnerability has been rated with a moderate severity.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-03-17T00:00:00Z", "advisory" : "RHSA-2026:4713", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "python3.12-0:3.12.12-3.el10_1.1" }, { "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support", "release_date" : "2026-03-23T00:00:00Z", "advisory" : "RHSA-2026:5315", "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0", "package" : "python3.12-0:3.12.9-2.el10_0.7" }, { "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6464", "cpe" : "cpe:/o:redhat:rhel_els:7", "package" : "python3-0:3.6.8-21.el7_9.4" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-02-05T00:00:00Z", "advisory" : "RHSA-2026:2128", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "python3-0:3.6.8-73.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-03-12T00:00:00Z", "advisory" : "RHSA-2026:4463", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "python3.12-0:3.12.12-3.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-03-12T00:00:00Z", "advisory" : "RHSA-2026:4473", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "python3.11-0:3.11.13-5.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-02-05T00:00:00Z", "advisory" : "RHSA-2026:2128", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "python3-0:3.6.8-73.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date" : "2026-03-23T00:00:00Z", "advisory" : "RHSA-2026:5216", "cpe" : "cpe:/a:redhat:rhel_aus:8.2", "package" : "python3-0:3.6.8-24.el8_2.6" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date" : "2026-03-23T00:00:00Z", "advisory" : "RHSA-2026:5221", "cpe" : "cpe:/a:redhat:rhel_aus:8.4", "package" : "python3-0:3.6.8-39.el8_4.9" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On", "release_date" : "2026-03-23T00:00:00Z", "advisory" : "RHSA-2026:5221", "cpe" : "cpe:/a:redhat:rhel_eus_long_life:8.4", "package" : "python3-0:3.6.8-39.el8_4.9" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date" : "2026-03-23T00:00:00Z", "advisory" : "RHSA-2026:5215", "cpe" : "cpe:/a:redhat:rhel_aus:8.6", "package" : "python3-0:3.6.8-47.el8_6.11" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date" : "2026-03-23T00:00:00Z", "advisory" : "RHSA-2026:5215", "cpe" : "cpe:/a:redhat:rhel_tus:8.6", "package" : "python3-0:3.6.8-47.el8_6.11" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date" : "2026-03-23T00:00:00Z", "advisory" : "RHSA-2026:5215", "cpe" : "cpe:/a:redhat:rhel_e4s:8.6", "package" : "python3-0:3.6.8-47.el8_6.11" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date" : "2026-03-19T00:00:00Z", "advisory" : "RHSA-2026:5152", "cpe" : "cpe:/a:redhat:rhel_tus:8.8", "package" : "python3.11-0:3.11.2-2.el8_8.8" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date" : "2026-03-30T00:00:00Z", "advisory" : "RHSA-2026:6008", "cpe" : "cpe:/a:redhat:rhel_tus:8.8", "package" : "python3-0:3.6.8-51.el8_8.13" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date" : "2026-03-19T00:00:00Z", "advisory" : "RHSA-2026:5152", "cpe" : "cpe:/a:redhat:rhel_e4s:8.8", "package" : "python3.11-0:3.11.2-2.el8_8.8" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date" : "2026-03-30T00:00:00Z", "advisory" : "RHSA-2026:6008", "cpe" : "cpe:/a:redhat:rhel_e4s:8.8", "package" : "python3-0:3.6.8-51.el8_8.13" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-03-10T00:00:00Z", "advisory" : "RHSA-2026:4165", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "python3.12-0:3.12.12-4.el9_7.1" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-03-10T00:00:00Z", "advisory" : "RHSA-2026:4168", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "python3.9-0:3.9.25-3.el9_7.1" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-03-10T00:00:00Z", "advisory" : "RHSA-2026:4216", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "python3.11-0:3.11.13-5.1.el9_7" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-03-10T00:00:00Z", "advisory" : "RHSA-2026:4168", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "python3.9-0:3.9.25-3.el9_7.1" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2026-03-23T00:00:00Z", "advisory" : "RHSA-2026:5219", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0", "package" : "python3.9-0:3.9.10-4.el9_0.9" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date" : "2026-03-23T00:00:00Z", "advisory" : "RHSA-2026:5223", "cpe" : "cpe:/a:redhat:rhel_e4s:9.2", "package" : "python3.11-0:3.11.2-2.el9_2.10" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date" : "2026-03-23T00:00:00Z", "advisory" : "RHSA-2026:5225", "cpe" : "cpe:/a:redhat:rhel_e4s:9.2", "package" : "python3.9-0:3.9.16-1.el9_2.12" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2026-03-23T00:00:00Z", "advisory" : "RHSA-2026:5226", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "python3.9-0:3.9.18-3.el9_4.11" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2026-03-23T00:00:00Z", "advisory" : "RHSA-2026:5399", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "python3.12-0:3.12.1-4.el9_4.11" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2026-03-31T00:00:00Z", "advisory" : "RHSA-2026:6253", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "python3.11-0:3.11.7-1.el9_4.11" }, { "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support", "release_date" : "2026-03-17T00:00:00Z", "advisory" : "RHSA-2026:4746", "cpe" : "cpe:/a:redhat:rhel_eus:9.6", "package" : "python3.12-0:3.12.9-1.el9_6.6" }, { "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support", "release_date" : "2026-03-23T00:00:00Z", "advisory" : "RHSA-2026:5218", "cpe" : "cpe:/a:redhat:rhel_eus:9.6", "package" : "python3.9-0:3.9.21-2.el9_6.4" }, { "product_name" : "Red Hat Ceph Storage 8", "release_date" : "2026-03-24T00:00:00Z", "advisory" : "RHSA-2026:5606", "cpe" : "cpe:/a:redhat:ceph_storage:8::el9", "package" : "rhceph/rhceph-8-rhel9:sha256:1160569002c25d3d349bbe41b57eeffade438853d3419edca01813227440f414" }, { "product_name" : "Red Hat Update Infrastructure 5", "release_date" : "2026-03-18T00:00:00Z", "advisory" : "RHSA-2026:4943", "cpe" : "cpe:/a:redhat:rhui:5::el9", "package" : "rhui5/cds-rhel9:sha256:200c27e9b396276bd505c6b41127ac5eb1d94d620172cb818ae733f2a21ac524" }, { "product_name" : "Red Hat Update Infrastructure 5", "release_date" : "2026-03-18T00:00:00Z", "advisory" : "RHSA-2026:4943", "cpe" : "cpe:/a:redhat:rhui:5::el9", "package" : "rhui5/haproxy-rhel9:sha256:d98fd3fe5f5f9acd0efae7db19b61b864be1eb2fbe2586a1b6be2429fa2cc7a3" }, { "product_name" : "Red Hat Update Infrastructure 5", "release_date" : "2026-03-18T00:00:00Z", "advisory" : "RHSA-2026:4943", "cpe" : "cpe:/a:redhat:rhui:5::el9", "package" : "rhui5/installer-rhel9:sha256:2c50c87906a1abebf427a70f401c409f1258cb55d2096f517db870ec991cfd7f" }, { "product_name" : "Red Hat Update Infrastructure 5", "release_date" : "2026-03-18T00:00:00Z", "advisory" : "RHSA-2026:4943", "cpe" : "cpe:/a:redhat:rhui:5::el9", "package" : "rhui5/rhua-rhel9:sha256:5f1fbf66fb349a7baf066a1216d39989c3b89f18ec5108b96d9643baf4856778" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "python3.14", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "python", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "python", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "python36:3.6/python36", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "python39-devel:3.9/python39", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "python3.14", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Affected", "package_name" : "rhelai3/bootc-aws-cuda-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Affected", "package_name" : "rhelai3/bootc-azure-cuda-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Affected", "package_name" : "rhelai3/bootc-cuda-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Affected", "package_name" : "rhelai3/bootc-gcp-cuda-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Not affected", "package_name" : "devspaces/code-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Not affected", "package_name" : "devspaces/pluginregistry-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-1299\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-1299\nhttps://cve.org/CVERecord?id=CVE-2024-6923\nhttps://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413\nhttps://github.com/python/cpython/issues/144125\nhttps://github.com/python/cpython/pull/144126\nhttps://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/" ], "name" : "CVE-2026-1299", "mitigation" : { "value" : "To mitigate this issue, applications accepting user-supplied data for email headers should sanitize the input by stripping or rejecting any strings containing carriage return or line feed characters, '\\r' or '\\n', respectively, preventing malicious sequences that could lead to header manipulation.", "lang" : "en:us" }, "csaw" : false }