CVE-2026-3276

ADVISORY - nist

Summary

unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms.

EPSS Score⁠: 0.00475 (0.373)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-407⁠

Inefficient Algorithmic Complexity

ADVISORY - redhat

CWE-606⁠

Unchecked Input for Loop Condition

Impacted images

Advisories

Docker

CREATED

16 days ago

UPDATED

3 days ago

ADVISORY ID

CVE-2026-3276

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
python	dhi	-	-	<3.13.14	3.13.14
alpine/python-3.10	apk	alpine	3.23	<3.13.14	3.13.14
alpine/python-3.10	apk	alpine	3.23	>=3.14.0-alpha1,<3.14.6	3.14.6
alpine/python-3.10	apk	alpine	3.23	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
alpine/python-3.11	apk	alpine	3.23	<3.13.14	3.13.14
alpine/python-3.11	apk	alpine	3.23	>=3.14.0-alpha1,<3.14.6	3.14.6
alpine/python-3.11	apk	alpine	3.23	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
alpine/python-3.12	apk	alpine	3.23	<3.13.14	3.13.14
alpine/python-3.12	apk	alpine	3.23	>=3.14.0-alpha1,<3.14.6	3.14.6
alpine/python-3.12	apk	alpine	3.23	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
alpine/python-3.13	apk	alpine	3.23	<3.13.14	3.13.14
alpine/python-3.13	apk	alpine	3.23	>=3.14.0-alpha1,<3.14.6	3.14.6
alpine/python-3.13	apk	alpine	3.23	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
alpine/python-3.14	apk	alpine	3.23	<3.13.14	3.13.14
alpine/python-3.14	apk	alpine	3.23	>=3.14.0-alpha1,<3.14.6	3.14.6
alpine/python-3.14	apk	alpine	3.23	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
debian/python-3.10	deb	debian	13	<3.13.14	3.13.14
debian/python-3.10	deb	debian	13	>=3.14.0-alpha1,<3.14.6	3.14.6
debian/python-3.10	deb	debian	13	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
debian/python-3.11	deb	debian	13	<3.13.14	3.13.14
debian/python-3.11	deb	debian	13	>=3.14.0-alpha1,<3.14.6	3.14.6
debian/python-3.11	deb	debian	13	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
debian/python-3.12	deb	debian	13	<3.13.14	3.13.14
debian/python-3.12	deb	debian	13	>=3.14.0-alpha1,<3.14.6	3.14.6
debian/python-3.12	deb	debian	13	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
debian/python-3.13	deb	debian	13	<3.13.14	3.13.14
debian/python-3.13	deb	debian	13	>=3.14.0-alpha1,<3.14.6	3.14.6
debian/python-3.13	deb	debian	13	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
debian/python-3.14	deb	debian	13	<3.13.14	3.13.14
debian/python-3.14	deb	debian	13	>=3.14.0-alpha1,<3.14.6	3.14.6
debian/python-3.14	deb	debian	13	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
python	dhi	-	-	>=3.14.0-alpha1,<3.14.6	3.14.6
python	dhi	-	-	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

16 days ago

UPDATED

3 days ago

ADVISORY IDCVE-2026-3276⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-407⁠

CVSS SCORE

6.3medium

Debian

CREATED

16 days ago

UPDATED

3 days ago

ADVISORY IDCVE-2026-3276⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

15 days ago

UPDATED

8 days ago

ADVISORY IDCVE-2026-3276⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Bitnami

CREATED

14 days ago

UPDATED

1 day ago

ADVISORY ID

BIT-libpython-2026-3276

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.3medium

Bitnami

CREATED

14 days ago

UPDATED

1 day ago

ADVISORY ID

BIT-python-2026-3276

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.3medium

Bitnami

CREATED

14 days ago

UPDATED

1 day ago

ADVISORY ID

BIT-python-min-2026-3276

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.3medium

Red Hat

CREATED

16 days ago

UPDATED

15 days ago

ADVISORY IDCVE-2026-3276⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-606⁠

CVSS SCORE

5.3medium

Chainguard

CREATED

2 days ago

UPDATED

2 days ago

ADVISORY ID

CGA-94jq-8xf3-wq3h

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

3 days ago

UPDATED

3 days ago

ADVISORY ID

MINI-67v5-5v24-jh8c

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

3 days ago

UPDATED

3 days ago

ADVISORY ID

MINI-9v2v-xjjc-6jgv

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

23 hours ago

UPDATED

23 hours ago

ADVISORY ID

MINI-hx78-vpm4-v27v

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

23 hours ago

UPDATED

23 hours ago

ADVISORY ID

MINI-jvq7-3xx7-f62p

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

3 days ago

UPDATED

3 days ago

ADVISORY ID

MINI-pfv8-h995-8369

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY