CVE-2026-0864
MediumCVSS 4.1Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
A vulnerability in the configparser module allows injection of unexpected keys and values into configuration files when writing multi-line text values containing carriage return characters ( ). An attacker can control the written value, leading to file content manipulation.
Risk Assessment
The risk involves potential modification of configuration files by an attacker, which may result in unauthorized changes to system or application configuration.
Recommendation
It is recommended to avoid writing multi-line values with characters using configparser or to apply proper input sanitization before writing.
Original NVD description (English source)
When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the resulting file could be injected with unexpected keys and values if the attacker controls the written value.

