CVE-2025-15282

N/A Unknown
Published: January 20, 2026 Modified: January 26, 2026
View on NVD

Description

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/python/cpython/commit/05356b1cc153108aaf27f3b72ce438af4aa218c0
Source: cna@python.org
https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38
Source: cna@python.org
https://github.com/python/cpython/commit/3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80
Source: cna@python.org
https://github.com/python/cpython/commit/4ed11d3cd288e6b90196a15c5a825a45d318fe47
Source: cna@python.org
https://github.com/python/cpython/commit/a35ca3be5842505dab74dc0b90b89cde0405017a
Source: cna@python.org
https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f
Source: cna@python.org
https://github.com/python/cpython/issues/143925
Source: cna@python.org
https://github.com/python/cpython/pull/143926
Source: cna@python.org
https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/
Source: cna@python.org

9 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.0%
14th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-93

Related CVEs

CVE-2026-5115 N/A
CVE-2026-4794 N/A
CVE-2026-32734 7.1
CVE-2026-30940 7.2
CVE-2026-30880 N/A