CVE-2026-5713 — Stack-based Buffer Overflow in Software Foundation CPython
Severity: 5.3 MEDIUM (NVD)
EPSS: 0.0% (top 97.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published Apr 14
Description
The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to A…
CVSS vector
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Packages: 1 package
🔴Vulnerability Details
2📋Vendor Advisories
1 Red Hat
python: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process. (2026-04-14)
💬Community
13 Bugzilla
CVE-2026-5713 python3.9: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process. [fedora-all] (2026-04-14)
Bugzilla
CVE-2026-5713 python3.15: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process. [fedora-all] (2026-04-14)
Bugzilla
CVE-2026-5713 python3.10: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process. [fedora-all] (2026-04-14)
Bugzilla
CVE-2026-5713 python: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process. (2026-04-14)
Bugzilla
CVE-2026-5713 python3.14: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process. [fedora-all] (2026-04-14)