PT-2026-32017 · Python · Base64

Serhiy Storchaka · Published 2026-04-10 · Updated 2026-05-01 · CVE-2026-3446

CVSS v4.0: 6.0 (Medium)

Vector: AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions

Base64 (affected versions not specified)

Description

Decoding with base64.b64decode() or related functions would stop at the first padded quad, even if additional data remained after it. This could result in the acceptance of data that other implementations might handle differently. Passing "validate=True" enables stricter base64 data processing.

Recommendations

Use "validate=True" when calling base64.b64decode() or related functions to enforce stricter base64 data processing.
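
The recommendation above, as an added example that is not part of the original advisory or of CPython: it decodes each input in default mode and with validate=True and reports any data that follows the first padding. The helper names and the sample inputs are constructed for illustration.

```python
import base64
import binascii
import re


def data_after_padding(encoded: bytes) -> bytes:
    """Return whatever follows the first run of '=' padding (b"" if nothing does)."""
    compact = re.sub(rb"\s+", b"", encoded)  # ignore line breaks in wrapped input
    pad = re.search(rb"=+", compact)
    return compact[pad.end():] if pad else b""


def inspect_b64(encoded: bytes) -> dict:
    """Compare default and validate=True decoding of one input."""
    report = {"trailing": data_after_padding(encoded)}
    try:
        # Default mode. The result depends on the interpreter version; per the
        # advisory, affected versions stop at the first padded quad.
        report["lenient"] = base64.b64decode(encoded)
    except binascii.Error:
        report["lenient"] = None
    try:
        # Strict mode, as recommended: data after the padding is an error.
        report["strict"] = base64.b64decode(encoded, validate=True)
        report["accepted"] = True
    except binascii.Error:
        report["strict"] = None
        report["accepted"] = False
    return report


# Constructed sample inputs (not taken from the advisory).
SAMPLES = [b"YWJj", b"YQ==", b"YQ==YWJj", b"YWI=YWJj"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, inspect_b64(sample))
```

Comparing the "lenient" and "strict" fields for the last two samples shows whether the running interpreter silently drops the data reported in "trailing".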

Fix

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

BIT-LIBPYTHON-2026-3446
BIT-PYTHON-2026-3446
BIT-PYTHON-MIN-2026-3446
CVE-2026-3446
ECHO-9EDA-DA65-C052
OPENSUSE-SU-2026:10579-1
OPENSUSE-SU-2026:10580-1
OPENSUSE-SU-2026:10667-1
PSF-2026-16
RHSA-2026:10118
RHSA-2026:7443
RHSA-2026:7661
SUSE-SU-2026:1503-1

Affected Products

Base64