PT-2026-42782 · Pypi+3 · Idna+3

·

CVE-2026-39821

·

Published

2016-11-05

·

Updated

2026-07-15

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions idna (affected versions not specified)
Description The ToASCII() and ToUnicode() functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For instance, ToUnicode("xn--example-.com") returns "example.com" instead of an error. This behavior can lead to privilege escalation in programs using the idna package; a program performing privilege checks on an ASCII hostname might reject "example.com" but permit "xn--example-.com", and subsequently granting access to "example.com" after converting the hostname to Unicode.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

LPE

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

ALSA-2026:30853
ALSA-2026:30854
ALSA-2026:30855
ALSA-2026:34357
ALSA-2026:34359
ALSA-2026:35828
ALSA-2026:35829
ALSA-2026:35830
ALSA-2026:35831
ALSA-2026:37435
ALSA-2026:37436
ALSA-2026:38995
CLEANSTART-2026-BA41349
CLEANSTART-2026-BE05060
CLEANSTART-2026-BM78291
CLEANSTART-2026-BX78383
CLEANSTART-2026-CH64198
CLEANSTART-2026-CL67452
CLEANSTART-2026-CN27900
CLEANSTART-2026-CX34942
CLEANSTART-2026-EA12165
CLEANSTART-2026-EU52554
CLEANSTART-2026-FA38569
CLEANSTART-2026-FD47409
CLEANSTART-2026-FF85222
CLEANSTART-2026-GM77447
CLEANSTART-2026-HD10763
CLEANSTART-2026-HO16255
CLEANSTART-2026-IH16568
CLEANSTART-2026-IN26303
CLEANSTART-2026-JI51299
CLEANSTART-2026-JY65496
CLEANSTART-2026-KJ72865
CLEANSTART-2026-LA96053
CLEANSTART-2026-MC76610
CLEANSTART-2026-MI06133
CLEANSTART-2026-MO16862
CLEANSTART-2026-MR08661
CLEANSTART-2026-MW09143
CLEANSTART-2026-MZ00063
CLEANSTART-2026-NT30039
CLEANSTART-2026-NU38786
CLEANSTART-2026-PD78752
CLEANSTART-2026-PF69993
CLEANSTART-2026-PH30270
CLEANSTART-2026-QN97697
CLEANSTART-2026-RE02723
CLEANSTART-2026-RF77222
CLEANSTART-2026-RL64341
CLEANSTART-2026-RQ86436
CLEANSTART-2026-SQ76279
CLEANSTART-2026-SV92564
CLEANSTART-2026-SW10568
CLEANSTART-2026-SY48547
CLEANSTART-2026-UC73978
CLEANSTART-2026-UK19445
CLEANSTART-2026-VD09973
CLEANSTART-2026-VD47610
CLEANSTART-2026-VN16911
CLEANSTART-2026-VO11205
CLEANSTART-2026-VX15911
CLEANSTART-2026-WA48911
CLEANSTART-2026-WF25734
CLEANSTART-2026-WS85269
CLEANSTART-2026-XC13942
CLEANSTART-2026-XV65906
CLEANSTART-2026-YG71543
CLEANSTART-2026-YK91867
CLEANSTART-2026-YY48565
CLEANSTART-2026-ZL51442
CVE-2026-39821
GO-2026-5026
OPENSUSE-SU-2026:10856-1
OPENSUSE-SU-2026:10871-1
OPENSUSE-SU-2026:10872-1
OPENSUSE-SU-2026:10873-1
OPENSUSE-SU-2026:10875-1
OPENSUSE-SU-2026:10876-1
OPENSUSE-SU-2026:10877-1
OPENSUSE-SU-2026:10886-1
OPENSUSE-SU-2026:10887-1
OPENSUSE-SU-2026:10889-1
OPENSUSE-SU-2026:10899-1
OPENSUSE-SU-2026:10901-1
OPENSUSE-SU-2026:10908-1
OPENSUSE-SU-2026:10913-1
OPENSUSE-SU-2026:10921-1
OPENSUSE-SU-2026:10930-1
OPENSUSE-SU-2026:10971-1
OPENSUSE-SU-2026:10981-1
OPENSUSE-SU-2026:10997-1
OPENSUSE-SU-2026:11011-1
OPENSUSE-SU-2026:11012-1
OPENSUSE-SU-2026:11050-1
OPENSUSE-SU-2026:11053-1
OPENSUSE-SU-2026:11075-1
OPENSUSE-SU-2026:11107-1
OPENSUSE-SU-2026:11126-1
OPENSUSE-SU-2026:11144-1
OPENSUSE-SU-2026:11153-1
OPENSUSE-SU-2026:11199-1
OPENSUSE-SU-2026:20853-1
OPENSUSE-SU-2026:20854-1
OPENSUSE-SU-2026:20888-1
OPENSUSE-SU-2026:20892-1
OPENSUSE-SU-2026:20893-1
OPENSUSE-SU-2026:20902-1
OPENSUSE-SU-2026:20940-1
OPENSUSE-SU-2026:20956-1
OPENSUSE-SU-2026:20994-1
OPENSUSE-SU-2026:21010-1
OPENSUSE-SU-2026:21013-1
OPENSUSE-SU-2026:21060-1
OPENSUSE-SU-2026:21069-1
OPENSUSE-SU-2026:21079-1
OPENSUSE-SU-2026:21084-1
OPENSUSE-SU-2026:21120-1
OPENSUSE-SU-2026:21151-1
OPENSUSE-SU-2026:21157-1
OPENSUSE-SU-2026:21205-1
OPENSUSE-SU-2026:21210-1
OPENSUSE-SU-2026:21213-1
OPENSUSE-SU-2026:21241-1
OPENSUSE-SU-2026:21247-1
OPENSUSE-SU-2026:21251-1
OPENSUSE-SU-2026:21265-1
OPENSUSE-SU-2026:21277-1
RHSA-2026:23262
RHSA-2026:23264
RHSA-2026:30853
RHSA-2026:30854
RHSA-2026:30855
RHSA-2026:34357
RHSA-2026:34359
RHSA-2026:34789
RHSA-2026:35826
RHSA-2026:35827
RHSA-2026:35828
RHSA-2026:35829
RHSA-2026:35830
RHSA-2026:35831
RHSA-2026:36796
RHSA-2026:37435
RHSA-2026:37436
RHSA-2026:39573
RHSA-2026:39879
SUSE-OU-2016:2857-1
SUSE-SU-2026:22066-1
SUSE-SU-2026:22075-1
SUSE-SU-2026:22157-1
SUSE-SU-2026:22159-1
SUSE-SU-2026:22193-1
SUSE-SU-2026:22226-1
SUSE-SU-2026:22233-1
SUSE-SU-2026:22242-1
SUSE-SU-2026:22249-1
SUSE-SU-2026:22285-1
SUSE-SU-2026:22305-1
SUSE-SU-2026:22320-1
SUSE-SU-2026:22328-1
SUSE-SU-2026:22367-1
SUSE-SU-2026:22376-1
SUSE-SU-2026:22423-1
SUSE-SU-2026:22424-1
SUSE-SU-2026:22432-1
SUSE-SU-2026:22442-1
SUSE-SU-2026:22443-1
SUSE-SU-2026:22455-1
SUSE-SU-2026:22456-1
SUSE-SU-2026:22513-1
SUSE-SU-2026:22546-1
SUSE-SU-2026:22558-1
SUSE-SU-2026:22567-1
SUSE-SU-2026:22575-1
SUSE-SU-2026:2285-1
SUSE-SU-2026:2466-1
SUSE-SU-2026:2467-1
SUSE-SU-2026:2468-1
SUSE-SU-2026:2581-1
SUSE-SU-2026:2609-1
SUSE-SU-2026:2611-1
SUSE-SU-2026:2612-1
SUSE-SU-2026:2639-1
SUSE-SU-2026:2640-1
SUSE-SU-2026:2643-1
SUSE-SU-2026:2665-1
SUSE-SU-2026:2682-1
SUSE-SU-2026:2683-1
SUSE-SU-2026:2692-1
SUSE-SU-2026:2706-1
SUSE-SU-2026:2733-1
SUSE-SU-2026:2768-1
SUSE-SU-2026:2774-1
SUSE-SU-2026:2823-1
SUSE-SU-2026:2824-1
SUSE-SU-2026:2830-1
SUSE-SU-2026:3056-1
SUSE-SU-2026:3057-1
USN-8416-1

Affected Products

Linuxmint
Rocky Linux
Ubuntu
Idna