QSearchQSearch

CVE-2021-3426

5.7 MEDIUM

There's a flaw in Python 3's pydoc

Published: 2021-05-20 · Last updated: 2026-06-17

Severity and scoring

CVSS
5.7 MEDIUM
Vector
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE
CWE-200, CWE-22

Affected products

VendorProduct
debiancloud_backup, communications_cloud_native_core_binding_support_function, debian_linux
fedoraprojectcloud_backup, communications_cloud_native_core_binding_support_function, debian_linux
netappcloud_backup, communications_cloud_native_core_binding_support_function, debian_linux
oraclecloud_backup, communications_cloud_native_core_binding_support_function, debian_linux
pythoncloud_backup, communications_cloud_native_core_binding_support_function, debian_linux
redhatcloud_backup, communications_cloud_native_core_binding_support_function, debian_linux

Description

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-1767 A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component (5.6 MEDIUM)
  • CVE-2026-1766 A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 com... (5.6 MEDIUM)
  • CVE-2026-35273 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management) (9.8 CRITICAL)
  • CVE-2026-11793 A stack buffer overflow flaw was found in 389 Directory Server (4.9 MEDIUM)
  • CVE-2026-11790 A flaw was found in 389 Directory Server (4.9 MEDIUM)

Same CWE

  • CVE-2026-48777 FileBrowser Quantum is a free, self-hosted, web-based file manager
  • CVE-2026-12117 Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to ...
  • CVE-2026-12320 Information disclosure in the Password Manager component (4.3 MEDIUM)
  • CVE-2026-12311 Information disclosure, sandbox escape in the Security: Process Sandboxing component (4.7 MEDIUM)
  • CVE-2026-8442 The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8 (8.1 HIGH)