← Volver a CVEs
CVE-2026-5713
N/ADescripcion
The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR.
Detalles CVE
Puntuacion CVSS v3.1N/A
Publicado4/14/2026
Ultima modificacion4/17/2026
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-121CWE-125
Referencias
https://github.com/python/cpython/issues/148178(cna@python.org)
https://github.com/python/cpython/pull/148187(cna@python.org)
https://mail.python.org/archives/list/security-announce@python.org/thread/OG4RHARYSNIE22GGOMVMCRH76L5HKPLM/(cna@python.org)
http://www.openwall.com/lists/oss-security/2026/04/15/6(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.