PT-2026-56605 · Zopefoundation · Restrictedpython
Published
2026-07-08
·
Updated
2026-07-08
·
CVE-2026-55830
CVSS v3.1
8.3
High
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L |
RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, check function argument names() rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted positional-only arguments, allowing getattr , getitem , write , or print to be shadowed by a local parameter and bypass the embedding application's access policy. This issue is fixed in version 8.3.
Fix
Incomplete List of Disallowed Inputs
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Restrictedpython