PatchSiren cyber security CVE debrief
CVE-2026-55830 zopefoundation CVE debrief
CVE-2026-55830 is a high-severity vulnerability in RestrictedPython, a tool for defining a subset of the Python language for trusted environments. The issue, fixed in version 8.3, allows certain protected guard hook names to be shadowed by local parameters, potentially bypassing access policies. This could allow attackers to bypass access controls by shadowing sensitive names like __getattr__, _getitem_, _write_, or _print_ with local parameters. Users of RestrictedPython should be aware of this vulnerability and take steps to mitigate it, especially those embedding it in applications to provide a trusted environment for executing untrusted code.
- Vendor
- zopefoundation
- Product
- RestrictedPython
- CVSS
- HIGH 8.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-08
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-08
- Advisory updated
- 2026-07-10
Who should care
Users of RestrictedPython, especially those embedding it in applications to provide a trusted environment for executing untrusted code, should be aware of this vulnerability and take steps to mitigate it. This includes reviewing and updating code that uses RestrictedPython, implementing additional monitoring and access controls, and tracking exceptions and remediation efforts.
Technical summary
Prior to version 8.3, RestrictedPython's check_function_argument_names() function did not properly reject protected guard hook names for positional-only arguments. This oversight could allow attackers to bypass access controls by shadowing sensitive names like __getattr__, _getitem_, _write_, or _print_ with local parameters. The issue is fixed in version 8.3 of RestrictedPython. Users should review and update code that uses RestrictedPython to ensure it is not vulnerable to this issue.
Defensive priority
High
Recommended defensive actions
- Upgrade to RestrictedPython version 8.3 or later
- Review and update code that uses RestrictedPython to ensure it is not vulnerable to this issue
- Implement additional monitoring and access controls to detect and prevent potential exploitation
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-07-08T22:17:15.653Z and last modified on 2026-07-10T19:06:45.623Z. The NVD entry is currently Deferred. Evidence is limited to CVE and NVD details. Defenders should verify the official CVE record and NVD entry for the most current information. The issue is fixed in version 8.3 of RestrictedPython.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T22:17:15.653Z and has not been modified since then. The NVD entry is currently Deferred.