CVE-2026-3446 · PATCHED
Python Software Foundation · CPython

Base64 decoding stops at first padded quad by default

Description

When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted which may be processed differently by other implementations. Use "validate=True" to enable stricter processing of base64 data.
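The stricter processing the description recommends, as an added example (not code from the advisory or from CPython): it decodes with validate=True and separately flags input that carries data after the first "=" padding. The function names and sample inputs are constructed for illustration.

```python
import base64
import binascii

# Constructed samples: "YWJj" encodes b"abc", "YQ==" encodes b"a", "YWI=" encodes b"ab".
# The last two entries append a second quad after a padded quad, the shape the
# advisory says default decoding stops in front of on affected versions.
CONSTRUCTED_SAMPLES = [b"YWJj", b"YQ==", b"YQ==YWJj", b"YWI=YWJj"]


def has_data_after_padding(data: bytes) -> bool:
    """Return True if any byte other than '=' follows the first '='."""
    first_pad = data.find(b"=")
    if first_pad == -1:
        return False
    return data[first_pad:].strip(b"=") != b""


def strict_b64decode(data: bytes) -> bytes:
    """Decode with validate=True so malformed input raises instead of being cut short."""
    try:
        return base64.b64decode(data, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"rejected non-canonical base64: {exc}") from exc


def audit(samples):
    """Return (sample, flagged_by_check, strict_result_or_None) for each input."""
    report = []
    for sample in samples:
        try:
            decoded = strict_b64decode(sample)
        except ValueError:
            decoded = None
        report.append((sample, has_data_after_padding(sample), decoded))
    return report


if __name__ == "__main__":
    for sample, flagged, decoded in audit(CONSTRUCTED_SAMPLES):
        print(sample, "data-after-padding" if flagged else "ok", decoded)
```

Using the strict wrapper at trust boundaries (tokens, signatures, uploaded blobs) means a payload is either decoded in full or rejected, so a downstream component with a different decoder cannot see different bytes.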

Affected Products

Vendor | Product | Versions
Python Software Foundation | CPython | 0, 3.14.0, 3.15.0a1

References

  • https://github.com/python/cpython/pull/145267 (patch)
  • https://github.com/python/cpython/issues/145264 (issue-tracking)
  • https://mail.python.org/archives/list/security-announce@python.org/thread/F5ZT5ICGJ6CKXVUJ34YBVY7WOZ5SHG53/ (vendor-advisory)
  • https://github.com/python/cpython/commit/1f9958f909c1b41a4ffc0b613ef8ec8fa5e7c474 (patch)
  • https://github.com/python/cpython/commit/4561f6418a691b3e89aef0901f53fe0dfb7f7c0e (patch)
  • https://github.com/python/cpython/commit/e31c55121620189a0d1a07b689762d8ca9c1b7fa (patch)

Related News (1 articles)

Tier C · VulDB · 2h ago
CVE-2026-3446 | Python CPython up to 3.13.12/3.14.3/3.15.0a7 b64decode
→ No new info (linked only)

CISA KEV: No
Actively exploited: No
Patch available: 3.13.13, 3.14.4, 3.15.0a8
Published: Apr 10, 2026
Last enriched: 2h ago (v2)
Tags: CVE-2026-3446
Trending Score: 20
Source articles: 1
Independent: 1
Info Completeness: 7/14
Missing: cvss, epss, cwe, kev, exploit, iocs, mitre_attack

Related CVEs (5)

  • HIGH · CVE-2026-34591 · EXP · Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write (Trending: 38)
  • HIGH · CVE-2026-1502 · HTTP client proxy tunnel headers not validated for CR/LF (Trending: 27)
  • NONE · CVE-2026-4519 · EXP · webbrowser.open() allows leading dashes in URLs (Trending: 14)
  • NONE · CVE-2025-13462 · tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling (Trending: 12)
  • NONE · CVE-2026-3644 · Incomplete control character validation in http.cookies (Trending: 5)

Verification

State: verified
Confidence: 0%

Vulnerability Timeline

  • CVE Published: Apr 10, 2026
  • Discovered by ZDM: Apr 10, 2026
  • Updated (affectedVersions, tags): Apr 10, 2026
  • Patch Available: Apr 10, 2026

Version History

v2 · Tier C · Last enriched 2h ago

Updated affected versions, severity to HIGH, and added CVE-2026-3446 tag.

affectedVersions, tags
via VulDB

v1 · 2h ago

Initial creation