Vulnerability Database

322,388

Total vulnerabilities in the database

CVE-2026-1299

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in "BytesGenerator".

Published: Jan 23, 2026
Updated: Jan 24, 2026
CVE: CVE-2026-1299
Exploit:

No technical information available.

CWEs:

CWE-93

Affected Software
References

No affected software listed.

https://cve.org/CVERecord?id=CVE-2024-6923
https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413
https://github.com/python/cpython/commit/0a925ab591c45d6638f37b5e57796f36fa0e56d8
https://github.com/python/cpython/commit/7877fe424415bc4a13045e62a90a7277413d8cb9
https://github.com/python/cpython/commit/842ce19a0c0b58d61591e8f6a708c38db1fb94e4
https://github.com/python/cpython/commit/8cdf6204f4ae821f32993f8fc6bad0d318f95f36
https://github.com/python/cpython/issues/144125
https://github.com/python/cpython/pull/144126
https://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo