Red Hat Security Advisory: python3.11 security update
A security advisory from Red Hat addresses multiple vulnerabilities in python3. 11 affecting Red Hat Enterprise Linux 8 and related products. The issues include header newline injection in wsgiref. headers. Headers (CVE-2026-0865), IMAP and POP3 command injection via user-controlled commands (CVE-2025-15366 and CVE-2025-15367), and email header injection due to unquoted newlines (CVE-2026-1299). These vulnerabilities have been rated with a moderate security impact by Red Hat. The advisory provides updated packages to remediate these issues.
AI Analysis
Technical Summary
This Red Hat security advisory (RHSA-2026:4473) covers four vulnerabilities in the python3.11 package used in Red Hat Enterprise Linux 8 and related distributions. The vulnerabilities include: 1) header newline injection in the wsgiref.headers.Headers module (CVE-2026-0865), 2) IMAP command injection in user-controlled commands (CVE-2025-15366), 3) POP3 command injection in user-controlled commands (CVE-2025-15367), and 4) email header injection caused by unquoted newlines (CVE-2026-1299). These issues relate to improper handling of input in Python modules that could allow injection attacks. Red Hat has released updated python3.11 packages to address these vulnerabilities. The advisory rates the overall security impact as moderate and does not indicate any known exploits in the wild.
Potential Impact
The vulnerabilities could allow injection attacks via crafted input in Python modules handling email headers and IMAP/POP3 commands, potentially leading to unintended command execution or header manipulation. Red Hat classifies the security impact as moderate. There are no reports of active exploitation in the wild at this time.
Mitigation Recommendations
Red Hat has released updated python3.11 packages for Red Hat Enterprise Linux 8 and related products that fix these vulnerabilities. Users should apply the security update as described in the Red Hat advisory RHSA-2026:4473 and the referenced article https://access.redhat.com/articles/11258. No additional mitigation steps are indicated by the vendor beyond applying the official update.
Red Hat Security Advisory: python3.11 security update
Description
A security advisory from Red Hat addresses multiple vulnerabilities in python3. 11 affecting Red Hat Enterprise Linux 8 and related products. The issues include header newline injection in wsgiref. headers. Headers (CVE-2026-0865), IMAP and POP3 command injection via user-controlled commands (CVE-2025-15366 and CVE-2025-15367), and email header injection due to unquoted newlines (CVE-2026-1299). These vulnerabilities have been rated with a moderate security impact by Red Hat. The advisory provides updated packages to remediate these issues.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This Red Hat security advisory (RHSA-2026:4473) covers four vulnerabilities in the python3.11 package used in Red Hat Enterprise Linux 8 and related distributions. The vulnerabilities include: 1) header newline injection in the wsgiref.headers.Headers module (CVE-2026-0865), 2) IMAP command injection in user-controlled commands (CVE-2025-15366), 3) POP3 command injection in user-controlled commands (CVE-2025-15367), and 4) email header injection caused by unquoted newlines (CVE-2026-1299). These issues relate to improper handling of input in Python modules that could allow injection attacks. Red Hat has released updated python3.11 packages to address these vulnerabilities. The advisory rates the overall security impact as moderate and does not indicate any known exploits in the wild.
Potential Impact
The vulnerabilities could allow injection attacks via crafted input in Python modules handling email headers and IMAP/POP3 commands, potentially leading to unintended command execution or header manipulation. Red Hat classifies the security impact as moderate. There are no reports of active exploitation in the wild at this time.
Mitigation Recommendations
Red Hat has released updated python3.11 packages for Red Hat Enterprise Linux 8 and related products that fix these vulnerabilities. Users should apply the security update as described in the Red Hat advisory RHSA-2026:4473 and the referenced article https://access.redhat.com/articles/11258. No additional mitigation steps are indicated by the vendor beyond applying the official update.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:4473
- Cve Count
- 4
- Additional Cves
- ["CVE-2025-15367","CVE-2026-0865","CVE-2026-1299"]
- Cvss Version
- null
Threat ID: 6a175eeee29bf47b50edc5e7
Added to database: 5/27/2026, 9:15:26 PM
Last enriched: 5/27/2026, 9:20:52 PM
Last updated: 5/29/2026, 5:27:37 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.