PT-2026-26970 · Pygments · Pygments

Ybdesire

Publicado

2026-03-22

Atualizado

2026-06-09

CVE-2026-4539

CVSS v3.1

3.3

Baixa

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions pygments versions up to 2.19.2

Description A security flaw exists in pygments. The issue resides within the AdlLexer function located in the pygments/lexers/archetype.py file, leading to inefficient regular expression complexity. This manipulation is only exploitable with local access. The exploit has been publicly released. The project was notified of the issue but has not yet responded.

Recommendations Versions prior to 2.19.2 should be updated. As a temporary workaround, consider restricting access to the AdlLexer function until a patch is available.

Exploit

Correção

Resource Exhaustion

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400CWE-1333

Identificadores relacionados

CVE-2026-4539

GHSA-5239-WWWM-4PMQ

MGASA-2026-0090

OESA-2026-1873

OPENSUSE-SU-2026:10476-1

OPENSUSE-SU-2026:20931-1

SUSE-SU-2026:22058-1

SUSE-SU-2026:22093-1

Produtos afetados

Pygments

PT-2026-26970 · Pygments · Pygments

CVE-2026-4539

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 33