CVE-2026-1299

N/A Unknown
Published: January 23, 2026 Modified: February 13, 2026
View on NVD

Description

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in "BytesGenerator".

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://cve.org/CVERecord?id=CVE-2024-6923
Source: cna@python.org
https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413
Source: cna@python.org
https://github.com/python/cpython/commit/0a925ab591c45d6638f37b5e57796f36fa0e56d8
Source: cna@python.org
https://github.com/python/cpython/commit/7877fe424415bc4a13045e62a90a7277413d8cb9
Source: cna@python.org
https://github.com/python/cpython/commit/842ce19a0c0b58d61591e8f6a708c38db1fb94e4
Source: cna@python.org
https://github.com/python/cpython/commit/8cdf6204f4ae821f32993f8fc6bad0d318f95f36
Source: cna@python.org
https://github.com/python/cpython/commit/e417f05ad77a4c30ddc07f99e90fc0cef43e831a
Source: cna@python.org
https://github.com/python/cpython/issues/144125
Source: cna@python.org
https://github.com/python/cpython/pull/144126
Source: cna@python.org
https://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/
Source: cna@python.org

10 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.0%
12th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-93

Related CVEs

CVE-2026-5121 N/A
CVE-2026-4416 7.8
CVE-2026-4415 8.1
CVE-2026-3945 7.5
CVE-2026-2328 7.5