SecuriTricks - CVE-2026-3446

Description

When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted which may be processed differently by other implementations. Use "validate=True" to enable stricter processing of base64 data.

Product(s) Impacted

Vendor	Product	Versions
Python	Base64	*

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	python	base64	/	/	/	/	/	/	/	/

References

https://github.com/python/cpython/commit/1f9958f909c1b41a4ffc0b613ef8ec8fa5e7c474

https://github.com/python/cpython/commit/4561f6418a691b3e89aef0901f53fe0dfb7f7c0e

https://github.com/python/cpython/commit/e31c55121620189a0d1a07b689762d8ca9c1b7fa

https://github.com/python/cpython/issues/145264

https://github.com/python/cpython/pull/145267

https://mail.python.org/archives/list/[email protected]/thread/F5ZT5ICGJ6CKXVUJ34YBVY7WOZ5SHG53/

CVSS Score

6.0 / 10

CVSS Data - 4.0

Attack Vector: NETWORK
Attack Complexity: HIGH
Attack Requirements: PRESENT
Privileges Required: LOW
User Interaction: NONE
Scope:
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Exploit Maturity: NOT_DEFINED

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: April 10, 2026, 7:16 p.m.
Last Modified: April 10, 2026, 7:16 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

CVE-2026-3446