CVE-2026-39892

ADVISORY - github

Summary

If a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. For example:

h = Hash(SHA256())
b.update(buf[::-1])

would read past the end of the buffer on Python >3.11

EPSS Score⁠: 0.00021 (0.061)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-119⁠

Improper Restriction of Operations within the Bounds of a Memory Buffer

ADVISORY - github

CWE-119⁠

Improper Restriction of Operations within the Bounds of a Memory Buffer

ADVISORY - redhat

CWE-131⁠

Incorrect Calculation of Buffer Size

Impacted images

Advisories

NIST

CREATED

30 days ago

UPDATED

23 days ago

ADVISORY IDCVE-2026-39892⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-119⁠

CVSS SCORE

6.9medium

GitHub

CREATED

30 days ago

UPDATED

29 days ago

ADVISORY IDGHSA-p423-j2cm-9vmq⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-119⁠

CVSS SCORE

6.9medium

Alpine

CREATED

29 days ago

UPDATED

29 days ago

ADVISORY IDCVE-2026-39892⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

29 days ago

UPDATED

10 days ago

ADVISORY IDCVE-2026-39892⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

29 days ago

UPDATED

14 days ago

ADVISORY IDCVE-2026-39892⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

9.8medium

Red Hat

CREATED

30 days ago

UPDATED

29 days ago

ADVISORY IDCVE-2026-39892⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-131⁠

CVSS SCORE

5.3medium

Chainguard

CREATED

9 days ago

UPDATED

9 days ago

ADVISORY ID

CGA-9c4c-5h22-fv67

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

9 days ago

UPDATED

9 days ago

ADVISORY ID

MINI-48mw-84m4-mj38

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

9 days ago

UPDATED

9 days ago

ADVISORY ID

MINI-49c3-26hx-838f

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

12 days ago

UPDATED

12 days ago

ADVISORY ID

MINI-85qm-27f2-fx26

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

29 days ago

UPDATED

29 days ago

ADVISORY ID

MINI-89rm-vhw7-9rgw

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

10 days ago

UPDATED

10 days ago

ADVISORY ID

MINI-gx47-x28g-h7gw

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

9 days ago

UPDATED

9 days ago

ADVISORY ID

MINI-jr38-pqp9-5c6r

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

9 days ago

UPDATED

9 days ago

ADVISORY ID

MINI-rw4r-jmx7-9f66

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

29 days ago

UPDATED

29 days ago

ADVISORY ID

MINI-v49p-r2xv-hc22

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

16 days ago

UPDATED

16 days ago

ADVISORY ID

MINI-wm23-4f6g-h5pm

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY