PT-2026-51575 · Python · Cpython
D0N9
+2
·
Published
2026-06-23
·
Updated
2026-06-23
·
CVE-2026-0864
CVSS v4.0
4.1
Medium
| Vector | AV:L/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
When using the "configparser" module to write configuration files
containing multi-line text values with carriage return characters (r) the
resulting file could be injected with unexpected keys and values if the
attacker controls the written value.
Fix
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cpython