CVE-2026-11972
ADVISORY - dockerSummary
When using the "tarfile" module with a file opened in "streaming mode" (mode="r|") the tarfile module did not properly handle EOF, making archive parsing take exponentially longer.
EPSS Score: 0.00318 (0.236)
Common Weakness Enumeration (CWE)
Docker
CREATED
UPDATED
ADVISORY ID
CVE-2026-11972
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| python | dhi | - | - | >=0 | Not yet available |
| alpine/python-3.10 | apk | alpine | 3.23 | >=0 | Not yet available |
| alpine/python-3.11 | apk | alpine | 3.23 | >=0 | Not yet available |
| alpine/python-3.12 | apk | alpine | 3.23 | >=0 | Not yet available |
| alpine/python-3.13 | apk | alpine | 3.23 | >=0 | Not yet available |
| alpine/python-3.14 | apk | alpine | 3.23 | >=0 | Not yet available |
| debian/python-3.10 | deb | debian | 13 | >=0 | Not yet available |
| debian/python-3.11 | deb | debian | 13 | >=0 | Not yet available |
| debian/python-3.12 | deb | debian | 13 | >=0 | Not yet available |
| debian/python-3.13 | deb | debian | 13 | >=0 | Not yet available |
| debian/python-3.14 | deb | debian | 13 | >=0 | Not yet available |
Severity and metrics
No CVSS data available from this advisory.
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2026-11972
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumBitnami
CREATED
UPDATED
ADVISORY ID
BIT-libpython-2026-11972
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
8.2highBitnami
CREATED
UPDATED
ADVISORY ID
BIT-python-2026-11972
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
8.2highBitnami
CREATED
UPDATED
ADVISORY ID
BIT-python-min-2026-11972
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-