CVE Catalog

CVE-2026-0864

MediumCVSS 4.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile — higher than 3% of all known CVEs

Summary

A vulnerability in the configparser module allows injection of unexpected keys and values into configuration files when writing multi-line text values containing carriage return characters ( ). An attacker can control the written value, leading to file content manipulation.

Risk Assessment

The risk involves potential modification of configuration files by an attacker, which may result in unauthorized changes to system or application configuration.

Recommendation

It is recommended to avoid writing multi-line values with characters using configparser or to apply proper input sanitization before writing.

Original NVD description (English source)

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the resulting file could be injected with unexpected keys and values if the attacker controls the written value.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS