Vulnerability in RestrictedPython Tool Affects Access Policy in Zope Foundation Applications
CVE-2026-55830
8.3HIGH
What is CVE-2026-55830?
The RestrictedPython tool, designed to limit the Python language subset for safe program input within trusted environments, has a vulnerability that allows local parameters to overshadow critical guard hooks. Prior to version 8.3, certain positional-only arguments were not adequately checked by the check_function_argument_names() function, enabling bypass of the application's access policy. This flaw poses security risks as it can be exploited to access restricted methods such as getattr, getitem, write, or print. The issue has been resolved in version 8.3.
Affected Version(s)
RestrictedPython < 8.3
