CVE-2026-3276

ADVISORY - nist

Summary

unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms.

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-407⁠

Inefficient Algorithmic Complexity

Impacted images

Advisories

NIST

CREATED

19 hours ago

UPDATED

15 hours ago

ADVISORY IDCVE-2026-3276⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-407⁠

CVSS SCORE

6.3medium

Debian

CREATED

14 hours ago

UPDATED

3 hours ago

ADVISORY IDCVE-2026-3276⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY