CVE-2025-15367

Published: Jan 20, 2026

Modified: Feb 26, 2026

PUBLISHED

Description

The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

Vendor	Product	Versions
Python Software Foundation	CPython	affected `0 - < 3.15.0a6`

Weaknesses (CWE)

CWE-77

References

https://github.com/python/cpython/pull/143924

patch

https://github.com/python/cpython/issues/143923

issue-tracking

https://mail.python.org/archives/list/[email protected]/thread/CBFBOWVGGUJFSGITQCCBZS4GEYYZ7ZNE/

vendor-advisory

https://github.com/python/cpython/commit/b234a2b67539f787e191d2ef19a7cbdce32874e7

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-15367

Description

Affected Products

Weaknesses (CWE)

References