Is idna affected by CVE-2026-45409?

PyPI idna is affected in <3.15.

Is CVE-2026-45409 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.4%.

← Toutes les vulnérabilités

MEDIUMSupply chain

CVE-2026-45409

Q: Is CVE-2026-45409 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.4%.

PyPI · idna

Résumé

Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as `"\u0660" * N` or `"\u30fb" * N + "\u6f22"` utilize the `valid_contexto`

Références

https://github.com/kjd/idna/security/advisories/GHSA-65pc-fj4g-8rjx

Vulnérabilités liées

Tout Supply chain →

HIGHCVE-2026-52801
Gogs has the ability to import local repositories via Mirror Settings
HIGHCVE-2026-52800
Gogs Vulnerable to CSRF Leading to Organization Owner Takeover
HIGHCVE-2026-52799
Gogs Missing Authorization in Attachment Download
HIGHCVE-2026-52798
Gogs has Stored XSS in `.ipynb` Preview
MEDIUMCVE-2026-50179
@actual-app/web has CSV Formula Injection in Transaction Export via Imported Payee/Notes Fields
HIGHCVE-2026-54353
@budibase/backend-core has potential SSRF DNS rebinding bypass in outbound fetch validation