CVE-2026-3276

EUVD-2026-34103
unicodedata.normalize() can take excessive CPU time when processing
specially crafted Unicode input containing long runs of combining characters
with alternating Canonical Combining Class values.
This affects all normalization forms.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
PSFCNA
6.3 MEDIUM
NETWORK
LOW
NONE
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
pythoncpython
𝑥
< 3.13.14
CNA
pythoncpython
3.14.0 ≤
𝑥
< 3.14.6
CNA
Debian logo
Debian Releases
Debian Product
Codename
python2.7
bullseye
vulnerable
python3.11
bookworm
no-dsa
bookworm (security)
vulnerable
python3.13
forky
3.13.14-1
fixed
sid
3.13.14-1
fixed
trixie
3.13.5-2+deb13u3
fixed
python3.14
forky
3.14.6-1
fixed
sid
3.14.6-1
fixed
python3.9
bullseye
postponed
bullseye (security)
vulnerable
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
python3.13
Amazon Linux 2023
0:3.13.14-1.amzn2023.0.1
fixed
python3.13-debug
Amazon Linux 2023
0:3.13.14-1.amzn2023.0.1
fixed
python3.13-debuginfo
Amazon Linux 2023
0:3.13.14-1.amzn2023.0.1
fixed
python3.13-debugsource
Amazon Linux 2023
0:3.13.14-1.amzn2023.0.1
fixed
python3.13-devel
Amazon Linux 2023
0:3.13.14-1.amzn2023.0.1
fixed
python3.13-freethreading
Amazon Linux 2023
0:3.13.14-1.amzn2023.0.1
fixed
python3.13-freethreading-debug
Amazon Linux 2023
0:3.13.14-1.amzn2023.0.1
fixed
python3.13-idle
Amazon Linux 2023
0:3.13.14-1.amzn2023.0.1
fixed
python3.13-libs
Amazon Linux 2023
0:3.13.14-1.amzn2023.0.1
fixed
python3.13-test
Amazon Linux 2023
0:3.13.14-1.amzn2023.0.1
fixed
python3.13-tkinter
Amazon Linux 2023
0:3.13.14-1.amzn2023.0.1
fixed
python3.14
Amazon Linux 2023
0:3.14.6-1.amzn2023.0.1
fixed
python3.14-debug
Amazon Linux 2023
0:3.14.6-1.amzn2023.0.1
fixed
python3.14-debuginfo
Amazon Linux 2023
0:3.14.6-1.amzn2023.0.1
fixed
python3.14-debugsource
Amazon Linux 2023
0:3.14.6-1.amzn2023.0.1
fixed
python3.14-devel
Amazon Linux 2023
0:3.14.6-1.amzn2023.0.1
fixed
python3.14-freethreading
Amazon Linux 2023
0:3.14.6-1.amzn2023.0.1
fixed
python3.14-freethreading-debug
Amazon Linux 2023
0:3.14.6-1.amzn2023.0.1
fixed
python3.14-freethreading-devel
Amazon Linux 2023
0:3.14.6-1.amzn2023.0.1
fixed
python3.14-freethreading-idle
Amazon Linux 2023
0:3.14.6-1.amzn2023.0.1
fixed
python3.14-freethreading-libs
Amazon Linux 2023
0:3.14.6-1.amzn2023.0.1
fixed
python3.14-freethreading-test
Amazon Linux 2023
0:3.14.6-1.amzn2023.0.1
fixed
python3.14-freethreading-tkinter
Amazon Linux 2023
0:3.14.6-1.amzn2023.0.1
fixed
python3.14-idle
Amazon Linux 2023
0:3.14.6-1.amzn2023.0.1
fixed
python3.14-libs
Amazon Linux 2023
0:3.14.6-1.amzn2023.0.1
fixed
python3.14-test
Amazon Linux 2023
0:3.14.6-1.amzn2023.0.1
fixed
python3.14-tkinter
Amazon Linux 2023
0:3.14.6-1.amzn2023.0.1
fixed