PatchSiren cyber security CVE debrief
CVE-2026-5713 Python Software Foundation CVE debrief
This CVE affects Python's remote debugging capabilities introduced in versions 3.14+ (asyncio introspection) and 3.15+ (profiling.sampling module). The vulnerability allows a malicious or compromised Python process to read and write memory addresses in a privileged process that connects to it via the remote debugging feature. Exploitation requires persistent, repeated connections because ASLR makes crashes of the target highly likely, so this is a complex, multi-attempt attack. The CVSS 4.0 vector reflects high attack complexity (AC:H), high privileges required (PR:H), and active user interaction (UI:A), with high impacts to confidentiality and integrity (VC:H/VI:H) but no availability impact. The issue was disclosed on April 14, 2026, with NVD record modification on June 10, 2026; it remains in 'Awaiting Analysis' status. Two commits address the issue, and the Python security team issued an advisory via the security-announce mailing list.
- Vendor: Python Software Foundation
- Product: Python
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-14
- Original CVE updated: 2026-06-10
- Advisory published: 2026-04-14
- Advisory updated: 2026-06-10
Who should care
Organizations running Python 3.14+ or 3.15+ with remote debugging enabled, especially in multi-tenant environments or where privileged processes interact with potentially untrusted Python instances, and security teams monitoring for local privilege escalation vectors in Python deployments.
Technical summary
The profiling.sampling module (Python 3.15+) and asyncio introspection capabilities (3.14+, including 'python -m asyncio ps' and 'python -m asyncio pstree') expose a vulnerability where a malicious or 'infected' Python process can read and write memory addresses in a privileged process that connects via remote debugging. The attack requires persistent, repeated connections due to ASLR causing high-likelihood crashes, making exploitation difficult but possible. The vulnerability is classified as MEDIUM severity (CVSS 5.3) with high confidentiality and integrity impacts under CVSS 4.0, reflecting the need for local access, high attack complexity, privileged prerequisites, and user interaction.
Defensive priority
medium
Recommended defensive actions
- Upgrade Python to a patched version once available; monitor python/cpython commits ref-4 and ref-5 for backports
- Disable or restrict access to remote debugging features (asyncio introspection in 3.14+, profiling.sampling in 3.15+) in production environments where privileged processes may connect to untrusted Python instances
- Apply network segmentation and access controls to prevent privileged processes from connecting to untrusted or potentially compromised Python processes
- Monitor for repeated connection attempts and crashes in processes using Python remote debugging, as exploitation requires persistent reconnection and ASLR-induced crashes
- Review and restrict use of 'python -m asyncio ps', 'python -m asyncio pstree', and profiling.sampling module in security-sensitive deployments
- Subscribe to the Python security-announce mailing list for updates
Evidence notes
Vendor identification is low-confidence based on reference domain candidate 'Python'; vendor field marked needsReview. CNA source is [email protected]. CVSS 4.0 vector provided in source metadata. No KEV listing. VulnStatus: Awaiting Analysis.
Official resources
- CVE-2026-5713 CVE record (CVE.org)
- CVE-2026-5713 NVD detail (NVD)
- Source item URL (nvd_modified)