vulnerability

Red Hat: CVE-2026-1299: cpython: email header injection due to unquoted newlines (Multiple Advisories)

Try Surface Command
Back to search
Severity
8
CVSS
(AV:N/AC:L/Au:S/C:P/I:C/A:N)
Published
Jan 23, 2026
Added
Mar 13, 2026
Modified
Apr 1, 2026

Description

The
email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when
serializing an email message allowing for header injection when an email
is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in "BytesGenerator".

Solutions

redhat-upgrade-platform-pythonredhat-upgrade-platform-python-debugredhat-upgrade-platform-python-develredhat-upgrade-python-unversioned-commandredhat-upgrade-python3redhat-upgrade-python3-11redhat-upgrade-python3-11-debugredhat-upgrade-python3-11-debuginforedhat-upgrade-python3-11-debugsourceredhat-upgrade-python3-11-develredhat-upgrade-python3-11-idleredhat-upgrade-python3-11-libsredhat-upgrade-python3-11-rpm-macrosredhat-upgrade-python3-11-testredhat-upgrade-python3-11-tkinterredhat-upgrade-python3-12redhat-upgrade-python3-12-debugredhat-upgrade-python3-12-debuginforedhat-upgrade-python3-12-debugsourceredhat-upgrade-python3-12-develredhat-upgrade-python3-12-idleredhat-upgrade-python3-12-libsredhat-upgrade-python3-12-rpm-macrosredhat-upgrade-python3-12-testredhat-upgrade-python3-12-tkinterredhat-upgrade-python3-9-debuginforedhat-upgrade-python3-9-debugsourceredhat-upgrade-python3-debugredhat-upgrade-python3-debuginforedhat-upgrade-python3-debugsourceredhat-upgrade-python3-develredhat-upgrade-python3-idleredhat-upgrade-python3-libsredhat-upgrade-python3-testredhat-upgrade-python3-tkinter

References

    Title
    NEW

    Explore Exposure Command

    Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

    Try it today