AZL-75219

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-75219.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-75219

Upstream

CVE-2026-1299

Published

2026-01-23T17:16:12Z

Modified

2026-04-01T05:22:50.129932Z

Summary

CVE-2026-1299 affecting package python3 for versions less than 3.9.19-18

Details

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in "BytesGenerator".

References

https://nvd.nist.gov/vuln/detail/CVE-2026-1299

Affected packages

Azure Linux:2 / python3

Package

Name: python3
Purl: pkg:rpm/azure-linux/python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.9.19-18

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-75219.json"