NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-3276

Summary	unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms.
Publication Date	June 4, 2026, 1:16 a.m.
Registration Date	June 4, 2026, 4:16 a.m.
Last Update	June 4, 2026, 1:16 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/python/cpython/issues/149079	cna@python.org
2	https://github.com/python/cpython/pull/149080	cna@python.org
3	https://mail.python.org/archives/list/security-announce@python.org/thread/PP5HB4K7727OBBM76KA2ILID76K3OZGZ/	cna@python.org

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-407	アルゴリズムの複雑性	https://cwe.mitre.org/data/definitions/407.html