Vulnerability in RestrictedPython Tool Affects Access Policy in Zope Foundation Applications
CVE-2026-55830

8.3HIGH

Key Information:

Vendor
CVE Published:
8 July 2026

What is CVE-2026-55830?

The RestrictedPython tool, designed to limit the Python language subset for safe program input within trusted environments, has a vulnerability that allows local parameters to overshadow critical guard hooks. Prior to version 8.3, certain positional-only arguments were not adequately checked by the check_function_argument_names() function, enabling bypass of the application's access policy. This flaw poses security risks as it can be exploited to access restricted methods such as getattr, getitem, write, or print. The issue has been resolved in version 8.3.

Affected Version(s)

RestrictedPython < 8.3

References

CVSS V3.1

Score:
8.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.