vulnerability context

CVE-2026-9669

EPSS 29%CWE-121OTX 4 pulses

bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data.

Published 2026-06-08 · last modified 2026-06-23

details

CISA KEV status: Not in catalog
EPSS: 29% percentile (score 0.0038)
CWE: CWE-121
OTX pulses: 4 total, 0 recent

View on NVD → · cve.org

source mentions 2

CVE-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflowMSRC Update Guide · 4d ago
[oss-security][CVE-2026-9669] CPython: bz2.BZ2Decompressor reuse after error can cause a stack buffer overflowoss-security · 14d ago

source consensus

MSRC Update Guide1×
oss-security1×

Want the 3-bullet summary of CVE-2026-9669, plus webhook alerts when KEV is updated? Pro is $10/mo.

Open in reader See Pro →