Red Hat Security Advisory: python3.9 security update
This advisory addresses multiple security vulnerabilities in python3.9 as packaged for Red Hat Enterprise Linux 9. The issues include IMAP and POP3 command injection vulnerabilities (CVE-2025-15366 and CVE-2025-15367) and an email header injection vulnerability due to unquoted newlines (CVE-2026-1299). These vulnerabilities could allow malicious commands to be injected through user-controlled inputs related to email protocols. Red Hat has released an updated python3.9 package to fix these issues. The update is rated as having a moderate security impact. No CVSS scores are provided in the advisory. No known exploits in the wild have been reported at this time.
AI Analysis
Technical Summary
Red Hat Security Advisory RHSA-2026:4168 reports security fixes for python3.9 in Red Hat Enterprise Linux 9. The fixed vulnerabilities include IMAP and POP3 command injection flaws (CVE-2025-15366, CVE-2025-15367) and an email header injection vulnerability caused by unquoted newlines (CVE-2026-1299). These issues stem from improper handling of user-controlled commands and insufficient input sanitization in the CPython implementation. The advisory covers multiple Red Hat Enterprise Linux 9 variants and CodeReady Linux Builder editions. Red Hat has published updated python3.9 packages resolving these vulnerabilities. The security impact is rated moderate by Red Hat Product Security. Detailed CVSS scores are not provided in the advisory, and no exploits have been observed in the wild.
Potential Impact
The vulnerabilities could allow an attacker to perform command injection via IMAP and POP3 commands or inject malicious content into email headers. This could potentially lead to unauthorized command execution or manipulation of email processing. However, the advisory rates the overall security impact as moderate and no known exploits have been reported. The issues affect python3.9 packages on Red Hat Enterprise Linux 9 and related products.
Mitigation Recommendations
Red Hat has released updated python3.9 packages that address these vulnerabilities. Users of affected Red Hat Enterprise Linux 9 and related products should apply the python3.9 security update as detailed in Red Hat advisory RHSA-2026:4168 and the referenced update article (https://access.redhat.com/articles/11258). Applying this official update is the recommended remediation. Patch status is confirmed as available and official.
Technical Details
- GCVE Source: db.gcve.eu
- CSAF Category: csaf_security_advisory
- CSAF Version: 2.0
- Publisher: Red Hat Product Security
- Advisory ID: RHSA-2026:4168
- CVE Count: 4
- Additional CVEs: ["CVE-2025-15367","CVE-2026-0865","CVE-2026-1299"]
- CVSS Version: null
Threat ID: 6a175eeee29bf47b50edc5f9
Added to database: 5/27/2026, 9:15:26 PM
Last enriched: 5/27/2026, 9:21:03 PM
Last updated: 5/29/2026, 6:50:38 PM