Python vulnerabilities
Summary
It was discovered that Python incorrectly normalized paths in the tarfile module. An attacker could possibly use this issue to bypass path restrictions. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-13462) It was discovered that Python's HTMLParser incorrectly handled certain malformed HTML input. An attacker could possibly use this issue to cause Python to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-69534) It was discovered that Python's email module incorrectly quoted newlines in headers. An attacker could possibly use this issue to inject arbitrary email headers. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2026-1299) It was discovered that Python's http.client module did not properly sanitize carriage return and linefeed characters when handling HTTP CONNECT tunnel request headers. An attacker could possibly use this issue to inject arbitrary HTTP headers. (CVE-2026-1502) It was discovered that Python's importlib module did not generate an audit event when loading legacy .pyc files. An attacker could possibly use this issue to bypass auditing mechanisms. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2026-2297) It was discovered that Python's unicodedata.normalize() function had incorrect algorithmic complexity. An attacker could p Affected Ubuntu releases: 26.04, 24.04, 22.04. CVEs: CVE-2026-9669, CVE-2026-6019, CVE-2026-3644, CVE-2025-13462, CVE-2026-7774, CVE-2021-4189, CVE-2026-4224, CVE-2026-1299….
- Ubuntu 26.04
- Ubuntu 24.04
- Ubuntu 22.04
Official advisory · medium-confidence parse· fetched 2 hours ago·verify at source
Mitigation checklist
- Apply available updates: `sudo apt update && sudo apt upgrade` (a standard system update installs the fix).
Official advisory · medium-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.