Unrestricted Recursion in EmlParser Module Affects Python Applications
CVE-2026-44844

6.3 MEDIUM

Key Information:

Vendor: Govcert-lu
CVE Published: 26 May 2026

What is CVE-2026-44844?

The EmlParser module, used for parsing EML files in Python, has an unbounded-recursion flaw in its get_raw_body_text() method. Prior to version 3.0.1, this method recursively processes nested message parts without a depth limit, which leads to an unhandled RecursionError on specially crafted EML files. An attacker could exploit this by providing a malicious EML file with around 120 nested message or RFC822 attachments, resulting in a crash. Although a basic RFC compliance check would likely reject such malformed files, the flaw remains a concern for applications that rely on EmlParser for email handling. The vulnerability is fixed in version 3.0.1.
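A pre-parse guard for the unbounded recursion described above, as an added example (not code from eml_parser or from this advisory): it uses only the Python standard library email package to measure part nesting with an explicit stack and rejects over-nested input before it reaches a recursive body walker. MAX_DEPTH, the function names and the sample builder are assumptions of this example.

```python
import email
from email import policy
from email.message import EmailMessage

MAX_DEPTH = 20  # assumed limit for this example; tune to your own mail flow


def nesting_depth(msg, limit=MAX_DEPTH):
    """Return the deepest part nesting, walked with an explicit stack
    (no recursion). Returns limit + 1 as soon as the limit is exceeded."""
    deepest = 0
    stack = [(msg, 0)]
    while stack:
        part, depth = stack.pop()
        if depth > limit:
            return limit + 1  # stop early, do not walk the rest
        deepest = max(deepest, depth)
        payload = part.get_payload()
        if isinstance(payload, list):  # multipart/* or message/rfc822 children
            stack.extend((child, depth + 1) for child in payload)
    return deepest


def is_safe_to_parse(raw, limit=MAX_DEPTH):
    """True if raw EML bytes nest no deeper than limit parts."""
    try:
        msg = email.message_from_bytes(raw, policy=policy.default)
    except RecursionError:
        # Treat a parser that itself runs out of stack as over-nested input.
        return False
    return nesting_depth(msg, limit) <= limit


def build_nested(levels):
    """Constructed sample: a text mail wrapped in `levels` message/rfc822
    attachments. Each wrapper adds two levels (multipart part + inner mail)."""
    msg = EmailMessage()
    msg["Subject"] = "inner"
    msg.set_content("hello")
    for i in range(levels):
        outer = EmailMessage()
        outer["Subject"] = f"wrapper {i}"
        outer.set_content("see attached")
        outer.add_attachment(msg)  # attached as message/rfc822
        msg = outer
    return msg.as_bytes()
```

Call is_safe_to_parse() on the raw bytes and quarantine or skip the file when it returns False. The remediation the advisory names is still upgrading to eml_parser 3.0.1.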

Affected Version(s)

eml_parser < 3.0.1

References

CVSS V4

Score: 6.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
