CVSS 4.0 score: 5.3

Python 3.14+ Remote Debugging Feature Allows Malicious Access

CVE-2026-5713 PSF-2026-19
Summary

A security risk exists in the remote debugging feature of Python 3.14 and later. A malicious process can potentially access and control a process that connects to it through this feature. To mitigate this risk, restrict access to the remote debugging feature and consider disabling it if it is not used.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Ecosystem Vendor Product Affected versions
Bitnami libpython >= 3.15.0
Bitnami python >= 3.15.0
Bitnami python-min >= 3.15.0
Original title
Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target
Original description
The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR.
NVD CVSS 4.0: 5.3
Vulnerability type
CWE-121 Stack-based Buffer Overflow
CWE-125 Out-of-bounds Read
Published: 14 Apr 2026 · Updated: 17 Apr 2026 · First seen: 14 Apr 2026
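The original description places the risk in a privileged process that attaches to another Python process with "python -m asyncio ps", "python -m asyncio pstree" or "profiling.sampling". The following is an added example, not code from the advisory or from CPython, that scans `ps -eo user,pid,args` output for such invocations by privileged users so they can be reviewed. Assumptions: the function names and sample lines are constructed, only "root" is treated as privileged by default, and any run of `profiling.sampling` is reported because the page does not give its command-line syntax.

```python
import re

# Tools named in the advisory: a set lists attaching subcommands, None = any run.
RISKY = {"asyncio": {"ps", "pstree"}, "profiling.sampling": None}
PYTHON_EXE = re.compile(r"(^|/)python(\d+(\.\d+)?)?$")


def risky_tool(command):
    """Return 'module [subcommand]' if command runs a listed tool, else None."""
    argv = command.split()  # ps prints args space-joined, without quoting
    if not argv or not PYTHON_EXE.search(argv[0]):
        return None
    i, tail = 1, []
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("-m"):  # "-m module" or "-mmodule"
            tail = ([tok[2:]] if len(tok) > 2 else []) + argv[i + 1:]
            break
        if tok == "-c" or not tok.startswith("-"):
            return None  # inline code or a script path, not a module run
        i += 2 if tok in ("-X", "-W") else 1  # skip an option's separate value
    if not tail or tail[0] not in RISKY:
        return None
    module, subs = tail[0], RISKY[tail[0]]
    if subs is None:
        return module
    return f"{module} {tail[1]}" if len(tail) > 1 and tail[1] in subs else None


def privileged_attaches(ps_output, privileged=("root",)):
    """Scan `ps -eo user,pid,args` text; return (user, pid, tool) per hit."""
    hits = []
    for line in ps_output.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3 or not parts[1].isdigit():
            continue  # header or malformed line
        user, pid, command = parts
        tool = risky_tool(command)
        if tool and user in privileged:
            hits.append((user, int(pid), tool))
    return hits


# Constructed sample of `ps -eo user,pid,args` output (not from the advisory).
SAMPLE_PS = """USER PID COMMAND
root 4312 /usr/bin/python3.14 -m asyncio ps 2871
alice 4400 python3 -m asyncio pstree 2871
root 4518 python3.15 -X dev -m profiling.sampling
"""
print(privileged_attaches(SAMPLE_PS))
```

Pass the service accounts that count as privileged on your hosts through the `privileged` argument.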