vulnerability

Debian: CVE-2026-1299: python3.9 -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:S/C:P/I:C/A:N)	Jan 27, 2026	Jan 27, 2026	Feb 2, 2026

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:C/A:N)

Published

Jan 27, 2026

Added

Jan 27, 2026

Modified

Feb 2, 2026

Description

The email module, specifically the "BytesGenerator" class, didnât properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in "BytesGenerator".

Solution

debian-upgrade-python3-9

References

CVE-2026-1299
https://attackerkb.com/topics/CVE-2026-1299
CWE-93
DEBIAN-DLA-4455-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today