Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-1299
PUBLISHED
More InfoOfficial Page
Assigner-PSF
Assigner Org ID-28c92f92-d60d-412d-b760-e73465c3df22
View Known Exploited Vulnerability (KEV) details
Published At-23 Jan, 2026 | 16:27
Updated At-13 Feb, 2026 | 16:20
Rejected At-
▼CVE Numbering Authority (CNA)
email BytesGenerator header injection due to unquoted newlines

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in "BytesGenerator".

Affected Products
Vendor
Python Software FoundationPython Software Foundation
Product
CPython
Repo
https://github.com/python/cpython
Modules
  • email
Default Status
unaffected
Versions
Affected
  • From 0 before 3.13.12 (python)
  • From 3.14.0 before 3.14.3 (python)
  • From 3.15.0a1 before 3.15.0a6 (python)
Problem Types
TypeCWE IDDescription
CWECWE-93CWE-93
Type: CWE
CWE ID: CWE-93
Description: CWE-93
Metrics
VersionBase scoreBase severityVector
4.06.0MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/python/cpython/pull/144126
patch
https://github.com/python/cpython/issues/144125
issue-tracking
https://cve.org/CVERecord?id=CVE-2024-6923
related
https://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/
vendor-advisory
https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413
patch
https://github.com/python/cpython/commit/0a925ab591c45d6638f37b5e57796f36fa0e56d8
patch
https://github.com/python/cpython/commit/7877fe424415bc4a13045e62a90a7277413d8cb9
patch
https://github.com/python/cpython/commit/842ce19a0c0b58d61591e8f6a708c38db1fb94e4
patch
https://github.com/python/cpython/commit/8cdf6204f4ae821f32993f8fc6bad0d318f95f36
patch
https://github.com/python/cpython/commit/e417f05ad77a4c30ddc07f99e90fc0cef43e831a
patch
Hyperlink: https://github.com/python/cpython/pull/144126
Resource:
patch
Hyperlink: https://github.com/python/cpython/issues/144125
Resource:
issue-tracking
Hyperlink: https://cve.org/CVERecord?id=CVE-2024-6923
Resource:
related
Hyperlink: https://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/
Resource:
vendor-advisory
Hyperlink: https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413
Resource:
patch
Hyperlink: https://github.com/python/cpython/commit/0a925ab591c45d6638f37b5e57796f36fa0e56d8
Resource:
patch
Hyperlink: https://github.com/python/cpython/commit/7877fe424415bc4a13045e62a90a7277413d8cb9
Resource:
patch
Hyperlink: https://github.com/python/cpython/commit/842ce19a0c0b58d61591e8f6a708c38db1fb94e4
Resource:
patch
Hyperlink: https://github.com/python/cpython/commit/8cdf6204f4ae821f32993f8fc6bad0d318f95f36
Resource:
patch
Hyperlink: https://github.com/python/cpython/commit/e417f05ad77a4c30ddc07f99e90fc0cef43e831a
Resource:
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found