CVE-2025-15367

UNKNOWN 0.0

POP3 command injection in user-controlled commands

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

CWE	CWE-77
Vendor	python software foundation
Product	cpython
Published	Jan 20, 2026
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for python software foundation cpython

Be the first to know when new unknown vulnerabilities affecting python software foundation cpython are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Python Software Foundation / CPython

0 < 3.15.0a6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/python/cpython/pull/143924 github.com: https://github.com/python/cpython/issues/143923 mail.python.org: https://mail.python.org/archives/list/[email protected]/thread/CBFBOWVGGUJFSGITQCCBZS4GEYYZ7ZNE/ github.com: https://github.com/python/cpython/commit/b234a2b67539f787e191d2ef19a7cbdce32874e7

Credits

🔍 Omar M. Hasan