CVE-2026-6019

EUVD-2026-25079
http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence </script> inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
PSFCNA
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
pythonpython
𝑥
< 3.15.0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
pythoncpython
𝑥
< 3.15.0
CNA
Debian logo
Debian Releases
Debian Product
Codename
pypy3
bookworm
no-dsa
bullseye
postponed
bullseye (security)
vulnerable
forky
vulnerable
sid
vulnerable
trixie
no-dsa
python3.11
bookworm
no-dsa
bookworm (security)
vulnerable
python3.13
forky
vulnerable
sid
vulnerable
trixie
3.13.5-2+deb13u2
fixed
python3.14
forky
3.14.5-1
fixed
sid
3.14.5-1
fixed
python3.9
bullseye
postponed
bullseye (security)
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pypy3
focal
needs-triage
jammy
needs-triage
noble
needs-triage
questing
needs-triage
resolute
needs-triage
python2.7
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
dne
questing
dne
resolute
dne
trusty
needs-triage
xenial
needs-triage
python3.4
jammy
dne
noble
dne
questing
dne
resolute
dne
trusty
needs-triage
python3.5
jammy
dne
noble
dne
questing
dne
resolute
dne
trusty
needs-triage
xenial
needs-triage
python3.6
bionic
needs-triage
jammy
dne
noble
dne
questing
dne
resolute
dne
python3.7
bionic
needs-triage
jammy
dne
noble
dne
questing
dne
resolute
dne
python3.8
bionic
needs-triage
focal
needs-triage
jammy
dne
noble
dne
questing
dne
resolute
dne
python3.9
focal
needs-triage
jammy
dne
noble
dne
questing
dne
resolute
dne
python3.10
jammy
needs-triage
noble
dne
questing
dne
resolute
dne
python3.11
jammy
needs-triage
noble
dne
questing
dne
resolute
dne
python3.12
jammy
dne
noble
needs-triage
questing
dne
resolute
dne
python3.13
jammy
dne
noble
dne
questing
needs-triage
resolute
dne
python3.14
jammy
dne
noble
dne
questing
needs-triage
resolute
needs-triage
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libpython3_10-1_0
suse enterprise server 15 SP4
3.10.20-150400.4.112.1
fixed
libpython3_12-1_0
suse enterprise server 15 SP6
3.12.13-150600.3.59.1
fixed
libpython3_4m1_0
suse enterprise server 12 SP3
3.4.10-25.185.1
fixed
suse enterprise server 12 SP5
3.4.10-25.185.1
fixed
libpython3_4m1_0-32bit
suse enterprise server 12 SP5
3.4.10-25.185.1
fixed
libpython3_6m1_0
suse enterprise desktop 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.118.1
fixed
libpython3_9-1_0
suse enterprise server 15 SP5
3.9.25-150300.4.106.1
fixed
python3
suse enterprise desktop 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise server 12 SP3
3.4.10-25.185.1
fixed
suse enterprise server 12 SP5
3.4.10-25.185.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.118.1
fixed
python3-base
suse enterprise desktop 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise server 12 SP3
3.4.10-25.185.1
fixed
suse enterprise server 12 SP5
3.4.10-25.185.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.118.1
fixed
python3-curses
suse enterprise desktop 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise server 12 SP3
3.4.10-25.185.1
fixed
suse enterprise server 12 SP5
3.4.10-25.185.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.118.1
fixed
python3-dbm
suse enterprise desktop 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.118.1
fixed
python3-devel
suse enterprise desktop 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise server 12 SP5
3.4.10-25.185.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.118.1
fixed
python3-idle
suse enterprise desktop 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.118.1
fixed
python3-tk
suse enterprise desktop 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.118.1
fixed
suse enterprise server 12 SP5
3.4.10-25.185.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.118.1
fixed
python3-tools
suse enterprise server 15 SP4
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.118.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.118.1
fixed
python310
suse enterprise server 15 SP4
3.10.20-150400.4.112.1
fixed
python310-base
suse enterprise server 15 SP4
3.10.20-150400.4.112.1
fixed
python310-curses
suse enterprise server 15 SP4
3.10.20-150400.4.112.1
fixed
python310-dbm
suse enterprise server 15 SP4
3.10.20-150400.4.112.1
fixed
python310-devel
suse enterprise server 15 SP4
3.10.20-150400.4.112.1
fixed
python310-idle
suse enterprise server 15 SP4
3.10.20-150400.4.112.1
fixed
python310-tk
suse enterprise server 15 SP4
3.10.20-150400.4.112.1
fixed
python310-tools
suse enterprise server 15 SP4
3.10.20-150400.4.112.1
fixed
python312
suse enterprise server 15 SP6
3.12.13-150600.3.59.1
fixed
python312-base
suse enterprise server 15 SP6
3.12.13-150600.3.59.1
fixed
python312-curses
suse enterprise server 15 SP6
3.12.13-150600.3.59.1
fixed
python312-dbm
suse enterprise server 15 SP6
3.12.13-150600.3.59.1
fixed
python312-devel
suse enterprise server 15 SP6
3.12.13-150600.3.59.1
fixed
python312-idle
suse enterprise server 15 SP6
3.12.13-150600.3.59.1
fixed
python312-tk
suse enterprise server 15 SP6
3.12.13-150600.3.59.1
fixed
python312-tools
suse enterprise server 15 SP6
3.12.13-150600.3.59.1
fixed
python39
suse enterprise server 15 SP5
3.9.25-150300.4.106.1
fixed
python39-base
suse enterprise server 15 SP5
3.9.25-150300.4.106.1
fixed
python39-curses
suse enterprise server 15 SP5
3.9.25-150300.4.106.1
fixed
python39-dbm
suse enterprise server 15 SP5
3.9.25-150300.4.106.1
fixed
Common Weakness Enumeration
References
https://github.com/python/cpython/commit/3c59b8b53fc75c7f9578d16fb8201ceb43e8f76c
https://github.com/python/cpython/commit/76b3923d688c0efc580658476c5f525ec8735104
https://github.com/python/cpython/commit/f795e042043dfe26c42e1971d4502c1cdc4c65b8
https://github.com/python/cpython/issues/90309
https://github.com/python/cpython/pull/148848
https://mail.python.org/archives/list/security-announce@python.org/thread/IVNWGV2BBNC3RHQAFS22UP4DY56SAXX3/