email BytesGenerator header injection due to unquoted newlines_CVE-2026-1299

6 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

Description

The
email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when
serializing an email message allowing for header injection when an email
is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in "BytesGenerator".

Basic Information

ID CVE-2026-1299

Source PSF

Published Jan 23, 2026 at 16:27

Modified Jan 23, 2026 at 16:56

Affected Product

Vendor Python Software Foundation

Product CPython

Affected Versions Python Software Foundation CPython 0

CWE Classification

CWE-93

References

{
    "lastseen": "",
    "description": "The \nemail module, specifically the \"BytesGenerator\" class, didn\u2019t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized. This is only applicable if using \"LiteralHeader\" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in \"BytesGenerator\".",
    "published": "2026-01-23T16:27:13.346Z",
    "modified": "2026-01-23T16:56:22.155Z",
    "type": "cve",
    "title": "email BytesGenerator header injection due to unquoted newlines",
    "source": "PSF",
    "references": "https://github.com/python/cpython/pull/144126\nhttps://github.com/python/cpython/issues/144125\nhttps://cve.org/CVERecord?id=CVE-2024-6923\nhttps://mail.python.org/archives/list/[email protected]/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/\nhttps://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413",
    "id": "CVE-2026-1299",
    "bulletinFamily": "",
    "cwe": [
        "CWE-93"
    ],
    "cvelist": null,
    "sourceData": "Python Software Foundation CPython 0",
    "sourceHref": "",
    "cvss": {
        "score": 6,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CPython",
    "version": "0",
    "vendor": "Python Software Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}