Vulnerability Description
When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted which may be processed differently by other implementations. Use "validate=True" to enable stricter processing of base64 data.
Related Weaknesses (CWE)
References
- https://github.com/python/cpython/commit/1f9958f909c1b41a4ffc0b613ef8ec8fa5e7c47
- https://github.com/python/cpython/commit/4561f6418a691b3e89aef0901f53fe0dfb7f7c0
- https://github.com/python/cpython/commit/e31c55121620189a0d1a07b689762d8ca9c1b7f
- https://github.com/python/cpython/issues/145264
- https://github.com/python/cpython/pull/145267
- https://mail.python.org/archives/list/[email protected]/thread/F5ZT5I
FAQ
What is CVE-2026-3446?
CVE-2026-3446 is a documented vulnerability. When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can...
How severe is CVE-2026-3446?
CVSS scoring is not yet available for CVE-2026-3446. Check NVD for updates.
Is there a patch for CVE-2026-3446?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.