{ "schema_version": "1.5.0", "id": "PSF-2026-29", "published": "2026-06-23T17:42:01.947Z", "modified": "2026-06-24T12:55:42.471Z", "aliases": [ "CVE-2026-0864" ], "details": "When the \"configparser\" module is used to write configuration files\ncontaining multi-line text values with carriage return characters (\\r), an\nattacker who controls the written value could inject unexpected keys and\nvalues into the resulting file.", "affected": [ { "ranges": [ { "type": "GIT", "events": [ { "introduced": "0" }, { "fixed": "5858e42c539dac8394636a6e9b30472b8994851f" }, { "fixed": "0adb386f6e68eb2e73d32e19f235d012df009528" }, { "fixed": "71f2e02a52d47417a6fd69f456346cd8aa7aca98" }, { "fixed": "aaf850fd333cd89e9aada03d92aaa788a6cb1bb8" } ], "repo": "https://github.com/python/cpython" } ] } ], "references": [ { "type": "WEB", "url": "https://github.com/python/cpython/pull/151559" }, { "type": "ADVISORY", "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/CV4NE6AFCRJL7XQOHX7J5TSDHUWVWGJS/" }, { "type": "REPORT", "url": "https://github.com/python/cpython/issues/143927" }, { "type": "FIX", "url": "https://github.com/python/cpython/commit/5858e42c539dac8394636a6e9b30472b8994851f" }, { "type": "FIX", "url": "https://github.com/python/cpython/commit/0adb386f6e68eb2e73d32e19f235d012df009528" }, { "type": "FIX", "url": "https://github.com/python/cpython/commit/71f2e02a52d47417a6fd69f456346cd8aa7aca98" }, { "type": "FIX", "url": "https://github.com/python/cpython/commit/aaf850fd333cd89e9aada03d92aaa788a6cb1bb8" } ], "database_specific": { "cwe_ids": [] } }