PT-2026-56605 · Zopefoundation · Restrictedpython

Published

2026-07-08

·

Updated

2026-07-08

·

CVE-2026-55830

CVSS v3.1

8.3

High

VectorAV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, check function argument names() rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted positional-only arguments, allowing getattr , getitem , write , or print to be shadowed by a local parameter and bypass the embedding application's access policy. This issue is fixed in version 8.3.

Fix

Incomplete List of Disallowed Inputs

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-55830

Affected Products

Restrictedpython