CVE-2026-3446

EUVD-2026-21545
When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted which may be processed differently by other implementations. Use "validate=True" to enable stricter processing of base64 data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
PSFCNA
6 MEDIUM
NETWORK
HIGH
LOW
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
pythoncpython
𝑥
< 3.13.13
CNA
pythoncpython
3.14.0 ≤
𝑥
< 3.14.4
CNA
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libpython3_10-1_0
suse enterprise server 15 SP4
3.10.20-150400.4.112.1
fixed
libpython3_4m1_0
suse enterprise server 12 SP3
3.4.10-25.185.1
fixed
suse enterprise server 12 SP5
3.4.10-25.185.1
fixed
libpython3_4m1_0-32bit
suse enterprise server 12 SP5
3.4.10-25.185.1
fixed
libpython3_6m1_0
suse enterprise desktop 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.118.1
fixed
libpython3_9-1_0
suse enterprise server 15 SP5
3.9.25-150300.4.106.1
fixed
python3
suse enterprise desktop 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise server 12 SP3
3.4.10-25.185.1
fixed
suse enterprise server 12 SP5
3.4.10-25.185.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.118.1
fixed
python3-base
suse enterprise desktop 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise server 12 SP3
3.4.10-25.185.1
fixed
suse enterprise server 12 SP5
3.4.10-25.185.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.118.1
fixed
python3-curses
suse enterprise desktop 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise server 12 SP3
3.4.10-25.185.1
fixed
suse enterprise server 12 SP5
3.4.10-25.185.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.118.1
fixed
python3-dbm
suse enterprise desktop 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.118.1
fixed
python3-devel
suse enterprise desktop 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise server 12 SP5
3.4.10-25.185.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.118.1
fixed
python3-idle
suse enterprise desktop 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.118.1
fixed
python3-tk
suse enterprise desktop 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise server 12 SP5
3.4.10-25.185.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.118.1
fixed
python3-tools
suse enterprise server 15 SP4
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.118.1
fixed
python310
suse enterprise server 15 SP4
3.10.20-150400.4.112.1
fixed
python310-base
suse enterprise server 15 SP4
3.10.20-150400.4.112.1
fixed
python310-curses
suse enterprise server 15 SP4
3.10.20-150400.4.112.1
fixed
python310-dbm
suse enterprise server 15 SP4
3.10.20-150400.4.112.1
fixed
python310-devel
suse enterprise server 15 SP4
3.10.20-150400.4.112.1
fixed
python310-idle
suse enterprise server 15 SP4
3.10.20-150400.4.112.1
fixed
python310-tk
suse enterprise server 15 SP4
3.10.20-150400.4.112.1
fixed
python310-tools
suse enterprise server 15 SP4
3.10.20-150400.4.112.1
fixed
python39
suse enterprise server 15 SP5
3.9.25-150300.4.106.1
fixed
python39-base
suse enterprise server 15 SP5
3.9.25-150300.4.106.1
fixed
python39-curses
suse enterprise server 15 SP5
3.9.25-150300.4.106.1
fixed
python39-dbm
suse enterprise server 15 SP5
3.9.25-150300.4.106.1
fixed
Common Weakness Enumeration
References
https://github.com/python/cpython/commit/1f9958f909c1b41a4ffc0b613ef8ec8fa5e7c474
https://github.com/python/cpython/commit/4561f6418a691b3e89aef0901f53fe0dfb7f7c0e
https://github.com/python/cpython/commit/e31c55121620189a0d1a07b689762d8ca9c1b7fa
https://github.com/python/cpython/issues/145264
https://github.com/python/cpython/pull/145267
https://mail.python.org/archives/list/security-announce@python.org/thread/F5ZT5ICGJ6CKXVUJ34YBVY7WOZ5SHG53/