CVE-2026-9147 | scikit-hep uproot up to 5.7.4 StreamerInfo streamer element names injection
A vulnerability categorized as critical has been discovered in scikit-hep uproot up to 5.7.4. This affects an unknown part of the component StreamerInfo. The manipulation of the argument streamer element names results in injection.
This vulnerability is reported as CVE-2026-9147. The attack can be launched remotely. No exploit exists.VulDB Recent EntriesRead More