PT-2026-26970 · Pygments · Pygments

Ybdesire

Published

2026-03-22

Updated

2026-06-09

CVE-2026-4539

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions pygments versions up to 2.19.2

Description A security flaw exists in pygments. The issue resides within the AdlLexer function located in the pygments/lexers/archetype.py file, leading to inefficient regular expression complexity. This manipulation is only exploitable with local access. The exploit has been publicly released. The project was notified of the issue but has not yet responded.

Recommendations Versions prior to 2.19.2 should be updated. As a temporary workaround, consider restricting access to the AdlLexer function until a patch is available.

Exploit

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1333CWE-400

Related Identifiers

CVE-2026-4539

GHSA-5239-WWWM-4PMQ

MGASA-2026-0090

OESA-2026-1873

OPENSUSE-SU-2026:10476-1

OPENSUSE-SU-2026:20931-1

SUSE-SU-2026:22058-1

SUSE-SU-2026:22093-1

Affected Products

Pygments

PT-2026-26970 · Pygments · Pygments

CVE-2026-4539

Weakness Enumeration

Related Identifiers

Affected Products

References · 33