CVE Vulnerabilities

CVE-2026-11972

Unchecked Return Value

Published: Jun 23, 2026 | Modified: Jun 30, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
6.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

When using the tarfile module with a file opened in streaming mode (mode=r|) the tarfile module did not properly handle EOF, making archive parsing take exponentially longer.

Weakness

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

Affected Software

NameVendorStart VersionEnd Version
Red Hat Hardened ImagesRedHatpython3-14-main-3.14.6-1.2.hum1*
Red Hat Hardened ImagesRedHatpython3-11-main-3.11.15-4.4.hum1*
Red Hat Hardened ImagesRedHatpython3-13-main-3.13.14-1.2.hum1*
Red Hat Hardened ImagesRedHatpython3-12-main-3.12.13-3.3.hum1*
Python3.13Ubuntuquesting*
Python3.14Ubuntuquesting*

Potential Mitigations

References