CVE-2026-6100 | Python CPython up to 3.14.x Decompression Call use after free (ID 148395)

A vulnerability described as critical has been identified in Python CPython up to 3.14.x. Impacted is the function lzma.LZMADecompressor/bz2.BZ2Decompressor/gzip.GzipFile of the component Decompression Call Handler. Executing a manipulation can lead to use after free.

This vulnerability appears as CVE-2026-6100. The attack may be performed from remote. There is no available exploit.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More