7.5
HIGH CVSS 3.1
CVE-2026-23490
pyasn1 has a DoS vulnerability in decoder
Description

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.

INFO

Published Date :

Jan. 16, 2026, 7:16 p.m.

Last Modified :

June 30, 2026, 3:17 a.m.

Remotely Exploit :

Yes !
Affected Products

The following products are affected by CVE-2026-23490 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Debian debian_linux
1 Pyasn1 pyasn1
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 134c704f-9b21-4f2e-91b3-4a467353bcc0
CVSS 3.1 HIGH [email protected]
CVSS 3.1 HIGH 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Solution
Update pyasn1 to version 0.6.2 or later to fix memory exhaustion via malformed RELATIVE-OID.
  • Update pyasn1 to version 0.6.2 or later.
  • Verify the updated pyasn1 version is in use.
Public PoC/Exploit Available at Github

CVE-2026-23490 has a 2 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-23490.

URL Resource
https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970 Patch
https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2 Product Release Notes
https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq Vendor Advisory
https://lists.debian.org/debian-lts-announce/2026/02/msg00002.html Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:13508
https://access.redhat.com/errata/RHSA-2026:13512
https://access.redhat.com/errata/RHSA-2026:13545
https://access.redhat.com/errata/RHSA-2026:13553
https://access.redhat.com/errata/RHSA-2026:14020
https://access.redhat.com/errata/RHSA-2026:17446
https://access.redhat.com/errata/RHSA-2026:17595
https://access.redhat.com/errata/RHSA-2026:17611
https://access.redhat.com/errata/RHSA-2026:1903
https://access.redhat.com/errata/RHSA-2026:1904
https://access.redhat.com/errata/RHSA-2026:1905
https://access.redhat.com/errata/RHSA-2026:1906
https://access.redhat.com/errata/RHSA-2026:19712
https://access.redhat.com/errata/RHSA-2026:2221
https://access.redhat.com/errata/RHSA-2026:2299
https://access.redhat.com/errata/RHSA-2026:2300
https://access.redhat.com/errata/RHSA-2026:2302
https://access.redhat.com/errata/RHSA-2026:2303
https://access.redhat.com/errata/RHSA-2026:2309
https://access.redhat.com/errata/RHSA-2026:24476
https://access.redhat.com/errata/RHSA-2026:24483
https://access.redhat.com/errata/RHSA-2026:2453
https://access.redhat.com/errata/RHSA-2026:2460
https://access.redhat.com/errata/RHSA-2026:2483
https://access.redhat.com/errata/RHSA-2026:2486
https://access.redhat.com/errata/RHSA-2026:24866
https://access.redhat.com/errata/RHSA-2026:24977
https://access.redhat.com/errata/RHSA-2026:2712
https://access.redhat.com/errata/RHSA-2026:2758
https://access.redhat.com/errata/RHSA-2026:28042
https://access.redhat.com/errata/RHSA-2026:30088
https://access.redhat.com/errata/RHSA-2026:3354
https://access.redhat.com/errata/RHSA-2026:3359
https://access.redhat.com/errata/RHSA-2026:3958
https://access.redhat.com/errata/RHSA-2026:3959
https://access.redhat.com/errata/RHSA-2026:4138
https://access.redhat.com/errata/RHSA-2026:4139
https://access.redhat.com/errata/RHSA-2026:4140
https://access.redhat.com/errata/RHSA-2026:4141
https://access.redhat.com/errata/RHSA-2026:4142
https://access.redhat.com/errata/RHSA-2026:4143
https://access.redhat.com/errata/RHSA-2026:4144
https://access.redhat.com/errata/RHSA-2026:4145
https://access.redhat.com/errata/RHSA-2026:4146
https://access.redhat.com/errata/RHSA-2026:4147
https://access.redhat.com/errata/RHSA-2026:4148
https://access.redhat.com/errata/RHSA-2026:4943
https://access.redhat.com/errata/RHSA-2026:5606
https://access.redhat.com/security/cve/CVE-2026-23490
https://bugzilla.redhat.com/show_bug.cgi?id=2430472
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23490.json
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-23490 is associated with the following CWEs:

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Config files for my GitHub profile.

config github-config

Updated: 2 months, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : May 8, 2024, 3:33 a.m. This repo has been linked 31 different CVEs too.

None

Python

Updated: 5 days, 16 hours ago
54 stars 61 fork 61 watcher
Born at : Feb. 28, 2018, 3:24 a.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-23490 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2026-23490 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by 0b0ca135-0b70-47e7-9f44-1890c2a1c46c

    Jun. 30, 2026

    Action Type Old Value New Value
    Added Affected [{'cpes': ['cpe:/o:redhat:rhel_els:7'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Server (v. 7 ELS)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:7::server'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:7::server'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_extras_sap_els:7'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Server for SAP ELS (v. 7)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_extras_sap_hana_els:7'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Server for SAPHANA ELS (v. 7)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:ansible_automation_platform:2.5::el8', 'cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8', 'cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8'], 'vendor': 'Red Hat', 'product': 'Red Hat Ansible Automation Platform 2.5 for RHEL 8', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openstack:17.1::el8'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenStack Platform 17.1', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:ansible_automation_platform:2.5::el9', 'cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9', 'cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Ansible Automation Platform 2.5 for RHEL 9', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:ansible_automation_platform:2.6::el9', 'cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9', 'cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Ansible Automation Platform 2.6 for RHEL 9', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_ironic:4.17::el9'], 'vendor': 'Red Hat', 'product': 'Ironic content for Red Hat OpenShift Container Platform 4.17', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_ironic:4.18::el9'], 'vendor': 'Red Hat', 'product': 'Ironic content for Red Hat OpenShift Container Platform 4.18', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:8::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_aus:8.2::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream AUS (v. 8.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_aus:8.4::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream AUS (v.8.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus_long_life:8.4::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_aus:8.6::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream AUS (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:8.6::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_tus:8.6::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream TUS (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:8.8::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.8.8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_tus:8.8::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream TUS (v.8.8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.0::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.9.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.2::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.9.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.6::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:9::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:8::highavailability'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux HighAvailability (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_aus:8.4::highavailability'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux High Availability AUS (v.8.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:8.6::highavailability'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux High Availability E4S (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_tus:8.6::highavailability'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux High Availability TUS (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:8.8::highavailability'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux High Availability E4S (v.8.8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_tus:8.8::highavailability'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux High Availability TUS (v.8.8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.0::highavailability'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux High Availability E4S (v.9.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.2::highavailability'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux High Availability E4S (v.9.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::highavailability'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux High Availability EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:ai_inference_server:3.3::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat AI Inference Server 3.3', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:ansible_automation_platform:2.5::el8'], 'vendor': 'Red Hat', 'product': 'Red Hat Ansible Automation Platform 2.5', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:ansible_automation_platform:2.6::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Ansible Automation Platform 2.6', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:ceph_storage:8::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Ceph Storage 8', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux_ai:3.3::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AI 3.3', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_ai:2.25::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift AI 2.25', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_ai:3.3::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift AI 3.3', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:stf:1.5::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenStack 1.5', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:trusted_artifact_signer:1.3::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Trusted Artifact Signer 1.3', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:trusted_artifact_signer:1.4::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Trusted Artifact Signer 1.4', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhui:5::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Update Infrastructure 5', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:8::resilientstorage'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux ResilientStorage (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.0::resilientstorage'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux ResilientStorage E4S (v.9.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.2::resilientstorage'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Resilient Storage E4S (v.9.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::resilientstorage'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Resilient Storage EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:lightspeed_core'], 'vendor': 'Red Hat', 'product': 'Lightspeed Core', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhmt:1'], 'vendor': 'Red Hat', 'product': 'Migration Toolkit for Containers', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:migration_toolkit_virtualization:2'], 'vendor': 'Red Hat', 'product': 'Migration Toolkit for Virtualization', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_lightspeed'], 'vendor': 'Red Hat', 'product': 'OpenShift Lightspeed', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:ai_inference_server:3'], 'vendor': 'Red Hat', 'product': 'Red Hat AI Inference Server', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:ansible_automation_platform:2'], 'vendor': 'Red Hat', 'product': 'Red Hat Ansible Automation Platform 2', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_ai'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift AI (RHOAI)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openstack:16.2'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenStack Platform 16.2', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openstack:18.0'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenStack Platform 18.0', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:quay:3'], 'vendor': 'Red Hat', 'product': 'Red Hat Quay 3', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:satellite:6'], 'vendor': 'Red Hat', 'product': 'Red Hat Satellite 6', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:ansible_automation_platform:2.6::el10', 'cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10'], 'vendor': 'Red Hat', 'product': 'Red Hat Ansible Automation Platform 2.6 for RHEL 10', 'defaultStatus': 'unaffected'}, {'cpes': ['cpe:/a:redhat:openshift:4.17::el8', 'cpe:/a:redhat:openshift:4.17::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.17', 'defaultStatus': 'unaffected'}, {'cpes': ['cpe:/a:redhat:openshift:4.18::el8'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.18', 'defaultStatus': 'unaffected'}, {'cpes': ['cpe:/a:redhat:service_mesh:3'], 'vendor': 'Red Hat', 'product': 'OpenShift Service Mesh 3', 'defaultStatus': 'unaffected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:6'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux 6', 'defaultStatus': 'unaffected'}]
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    Added CWE CWE-770
    Added Reference https://access.redhat.com/errata/RHSA-2026:13508
    Added Reference https://access.redhat.com/errata/RHSA-2026:13512
    Added Reference https://access.redhat.com/errata/RHSA-2026:13545
    Added Reference https://access.redhat.com/errata/RHSA-2026:13553
    Added Reference https://access.redhat.com/errata/RHSA-2026:14020
    Added Reference https://access.redhat.com/errata/RHSA-2026:17446
    Added Reference https://access.redhat.com/errata/RHSA-2026:17595
    Added Reference https://access.redhat.com/errata/RHSA-2026:17611
    Added Reference https://access.redhat.com/errata/RHSA-2026:1903
    Added Reference https://access.redhat.com/errata/RHSA-2026:1904
    Added Reference https://access.redhat.com/errata/RHSA-2026:1905
    Added Reference https://access.redhat.com/errata/RHSA-2026:1906
    Added Reference https://access.redhat.com/errata/RHSA-2026:19712
    Added Reference https://access.redhat.com/errata/RHSA-2026:2221
    Added Reference https://access.redhat.com/errata/RHSA-2026:2299
    Added Reference https://access.redhat.com/errata/RHSA-2026:2300
    Added Reference https://access.redhat.com/errata/RHSA-2026:2302
    Added Reference https://access.redhat.com/errata/RHSA-2026:2303
    Added Reference https://access.redhat.com/errata/RHSA-2026:2309
    Added Reference https://access.redhat.com/errata/RHSA-2026:24476
    Added Reference https://access.redhat.com/errata/RHSA-2026:24483
    Added Reference https://access.redhat.com/errata/RHSA-2026:2453
    Added Reference https://access.redhat.com/errata/RHSA-2026:2460
    Added Reference https://access.redhat.com/errata/RHSA-2026:2483
    Added Reference https://access.redhat.com/errata/RHSA-2026:2486
    Added Reference https://access.redhat.com/errata/RHSA-2026:24866
    Added Reference https://access.redhat.com/errata/RHSA-2026:24977
    Added Reference https://access.redhat.com/errata/RHSA-2026:2712
    Added Reference https://access.redhat.com/errata/RHSA-2026:2758
    Added Reference https://access.redhat.com/errata/RHSA-2026:28042
    Added Reference https://access.redhat.com/errata/RHSA-2026:30088
    Added Reference https://access.redhat.com/errata/RHSA-2026:3354
    Added Reference https://access.redhat.com/errata/RHSA-2026:3359
    Added Reference https://access.redhat.com/errata/RHSA-2026:3958
    Added Reference https://access.redhat.com/errata/RHSA-2026:3959
    Added Reference https://access.redhat.com/errata/RHSA-2026:4138
    Added Reference https://access.redhat.com/errata/RHSA-2026:4139
    Added Reference https://access.redhat.com/errata/RHSA-2026:4140
    Added Reference https://access.redhat.com/errata/RHSA-2026:4141
    Added Reference https://access.redhat.com/errata/RHSA-2026:4142
    Added Reference https://access.redhat.com/errata/RHSA-2026:4143
    Added Reference https://access.redhat.com/errata/RHSA-2026:4144
    Added Reference https://access.redhat.com/errata/RHSA-2026:4145
    Added Reference https://access.redhat.com/errata/RHSA-2026:4146
    Added Reference https://access.redhat.com/errata/RHSA-2026:4147
    Added Reference https://access.redhat.com/errata/RHSA-2026:4148
    Added Reference https://access.redhat.com/errata/RHSA-2026:4943
    Added Reference https://access.redhat.com/errata/RHSA-2026:5606
    Added Reference https://access.redhat.com/security/cve/CVE-2026-23490
    Added Reference https://bugzilla.redhat.com/show_bug.cgi?id=2430472
    Added Reference https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23490.json
  • CVE Modified by [email protected]

    Jun. 17, 2026

    Action Type Old Value New Value
    Added Affected [{'vendor': 'pyasn1', 'product': 'pyasn1', 'versions': [{'status': 'affected', 'version': '< 0.6.2'}]}]
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jun. 17, 2026

    Action Type Old Value New Value
    Added SSVC {'id': 'CVE-2026-23490', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'poc'}, {'automatable': 'yes'}, {'technicalImpact': 'partial'}], 'version': '2.0.3', 'timestamp': '2026-01-16T19:23:28.531270Z'}
  • Initial Analysis by [email protected]

    Mar. 13, 2026

    Action Type Old Value New Value
    Added CPE Configuration OR *cpe:2.3:a:pyasn1:pyasn1:*:*:*:*:*:python:*:* versions up to (excluding) 0.6.2
    Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
    Added Reference Type GitHub, Inc.: https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970 Types: Patch
    Added Reference Type GitHub, Inc.: https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2 Types: Product, Release Notes
    Added Reference Type GitHub, Inc.: https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq Types: Vendor Advisory
    Added Reference Type CVE: https://lists.debian.org/debian-lts-announce/2026/02/msg00002.html Types: Vendor Advisory
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Feb. 01, 2026

    Action Type Old Value New Value
    Added Reference https://lists.debian.org/debian-lts-announce/2026/02/msg00002.html
  • New CVE Received by [email protected]

    Jan. 16, 2026

    Action Type Old Value New Value
    Added Description pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    Added CWE CWE-770
    Added Reference https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970
    Added Reference https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2
    Added Reference https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.