CVE-2021-3426
5.7 MEDIUM · There's a flaw in Python 3's pydoc
Published: 2021-05-20 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 5.7 MEDIUM
- Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- CWE: CWE-200, CWE-22
Affected products
| Vendor | Product |
|---|---|
| debian | cloud_backup, communications_cloud_native_core_binding_support_function, debian_linux |
| fedoraproject | cloud_backup, communications_cloud_native_core_binding_support_function, debian_linux |
| netapp | cloud_backup, communications_cloud_native_core_binding_support_function, debian_linux |
| oracle | cloud_backup, communications_cloud_native_core_binding_support_function, debian_linux |
| python | cloud_backup, communications_cloud_native_core_binding_support_function, debian_linux |
| redhat | cloud_backup, communications_cloud_native_core_binding_support_function, debian_linux |
Description
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2021-3426
- [Patch] https://bugzilla.redhat.com/show_bug.cgi?id=1935913
- [Other] https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
- [Other] https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html
- [Other] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/
- [Other] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/
- [Other] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/
- [Other] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/
- [Other] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
- [Other] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/
- [Other] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/
- [Other] https://security.gentoo.org/glsa/202104-04
- [Other] https://security.netapp.com/advisory/ntap-20210629-0003/
- [Patch] https://www.oracle.com/security-alerts/cpujan2022.html
- [Patch] https://www.oracle.com/security-alerts/cpuoct2021.html
- [Other] https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html
Related CVEs
Same vendor
- CVE-2026-1767 — A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component (5.6 MEDIUM)
- CVE-2026-1766 — A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 com... (5.6 MEDIUM)
- CVE-2026-35273 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management) (9.8 CRITICAL)
- CVE-2026-11793 — A stack buffer overflow flaw was found in 389 Directory Server (4.9 MEDIUM)
- CVE-2026-11790 — A flaw was found in 389 Directory Server (4.9 MEDIUM)
Same CWE
- CVE-2026-48777 — FileBrowser Quantum is a free, self-hosted, web-based file manager
- CVE-2026-12117 — Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to ...
- CVE-2026-12320 — Information disclosure in the Password Manager component (4.3 MEDIUM)
- CVE-2026-12311 — Information disclosure, sandbox escape in the Security: Process Sandboxing component (4.7 MEDIUM)
- CVE-2026-8442 — The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8 (8.1 HIGH)