CVE-2026-5713

EUVD-2026-22311
The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
PSFCNA
5.3 MEDIUM
LOCAL
HIGH
HIGH
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
pythoncpython
3.14.0 ≤
𝑥
< 3.14.5
CNA
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
python3.14
RHEL 9
0:3.14.4-2.el9_8
fixed
python3.14-debug
RHEL 9
0:3.14.4-2.el9_8
fixed
python3.14-devel
RHEL 9
0:3.14.4-2.el9_8
fixed
python3.14-freethreading
RHEL 9
0:3.14.4-2.el9_8
fixed
python3.14-freethreading-debug
RHEL 9
0:3.14.4-2.el9_8
fixed
python3.14-freethreading-devel
RHEL 9
0:3.14.4-2.el9_8
fixed
python3.14-freethreading-idle
RHEL 9
0:3.14.4-2.el9_8
fixed
python3.14-freethreading-libs
RHEL 9
0:3.14.4-2.el9_8
fixed
python3.14-freethreading-test
RHEL 9
0:3.14.4-2.el9_8
fixed
python3.14-freethreading-tkinter
RHEL 9
0:3.14.4-2.el9_8
fixed
python3.14-idle
RHEL 9
0:3.14.4-2.el9_8
fixed
python3.14-libs
RHEL 9
0:3.14.4-2.el9_8
fixed
python3.14-test
RHEL 9
0:3.14.4-2.el9_8
fixed
python3.14-tkinter
RHEL 9
0:3.14.4-2.el9_8
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
python3.14
Amazon Linux 2023
0:3.14.5-1.amzn2023.0.1
fixed
python3.14-debug
Amazon Linux 2023
0:3.14.5-1.amzn2023.0.1
fixed
python3.14-debuginfo
Amazon Linux 2023
0:3.14.5-1.amzn2023.0.1
fixed
python3.14-debugsource
Amazon Linux 2023
0:3.14.5-1.amzn2023.0.1
fixed
python3.14-devel
Amazon Linux 2023
0:3.14.5-1.amzn2023.0.1
fixed
python3.14-freethreading
Amazon Linux 2023
0:3.14.5-1.amzn2023.0.1
fixed
python3.14-freethreading-debug
Amazon Linux 2023
0:3.14.5-1.amzn2023.0.1
fixed
python3.14-freethreading-devel
Amazon Linux 2023
0:3.14.5-1.amzn2023.0.1
fixed
python3.14-freethreading-idle
Amazon Linux 2023
0:3.14.5-1.amzn2023.0.1
fixed
python3.14-freethreading-libs
Amazon Linux 2023
0:3.14.5-1.amzn2023.0.1
fixed
python3.14-freethreading-test
Amazon Linux 2023
0:3.14.5-1.amzn2023.0.1
fixed
python3.14-freethreading-tkinter
Amazon Linux 2023
0:3.14.5-1.amzn2023.0.1
fixed
python3.14-idle
Amazon Linux 2023
0:3.14.5-1.amzn2023.0.1
fixed
python3.14-libs
Amazon Linux 2023
0:3.14.5-1.amzn2023.0.1
fixed
python3.14-test
Amazon Linux 2023
0:3.14.5-1.amzn2023.0.1
fixed
python3.14-tkinter
Amazon Linux 2023
0:3.14.5-1.amzn2023.0.1
fixed