Python Debugging Module Vulnerability in Privileged Processes
CVE-2026-5713
5.3 MEDIUM
What is CVE-2026-5713?
A vulnerability in Python's 'profiling.sampling' module and asyncio introspection capabilities allows remote debugging features to be enabled and then exploited by a malicious party. If a privileged process connects to a compromised Python environment, an attacker may gain unauthorized access to read and write memory addresses. Exploitation is possible with persistent connections, although Address Space Layout Randomization (ASLR) protections make it challenging. Affected versions include Python 3.15 and 3.14.
Affected Version(s)
CPython 3.14.0 < 3.15.0
CVSS V4
Score: 5.3
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Nicholas Gould (https://github.com/gouldnicholas)
Pablo Galindo Salgado
