{
  "threat_severity" : "Moderate",
  "public_date" : "2026-04-10T18:17:35Z",
  "bugzilla" : {
    "description" : "python: Python base64: Incomplete data decoding due to premature stop at padding",
    "id" : "2457410",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2457410"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-1286",
  "details" : [ "When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted which may be processed differently by other implementations. Use \"validate=True\" to enable stricter processing of base64 data.", "A flaw was found in the Python base64 module. When decoding base64 data using functions like base64.b64decode(), the decoding process prematurely stops upon encountering the first padding character. This can result in incomplete data being processed, where any information following the initial padding is unexpectedly ignored. Consequently, applications might interpret or handle base64-encoded data inconsistently compared to other implementations, potentially leading to data integrity issues." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Hardened Images",
    "release_date" : "2026-04-10T00:00:00Z",
    "advisory" : "RHSA-2026:7443",
    "cpe" : "cpe:/a:redhat:hummingbird:1",
    "package" : "python3-13-main-3.13.13-1.hum1"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "release_date" : "2026-04-11T00:00:00Z",
    "advisory" : "RHSA-2026:7661",
    "cpe" : "cpe:/a:redhat:hummingbird:1",
    "package" : "python3-14-main-3.14.4-1.hum1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "python3.12",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "python3.14",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "python",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "python",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "python3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "python3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "python3.11",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "python3.12",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "python36:3.6/python36",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "python39-devel:3.9/python39",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "python3.11",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "python3.12",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "python3.14",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "python3.9",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "fix_state" : "Affected",
    "package_name" : "python3.11",
    "cpe" : "cpe:/a:redhat:hummingbird:1"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "fix_state" : "Affected",
    "package_name" : "python3.12",
    "cpe" : "cpe:/a:redhat:hummingbird:1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-3446\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-3446\nhttps://github.com/python/cpython/commit/1f9958f909c1b41a4ffc0b613ef8ec8fa5e7c474\nhttps://github.com/python/cpython/commit/4561f6418a691b3e89aef0901f53fe0dfb7f7c0e\nhttps://github.com/python/cpython/commit/e31c55121620189a0d1a07b689762d8ca9c1b7fa\nhttps://github.com/python/cpython/issues/145264\nhttps://github.com/python/cpython/pull/145267\nhttps://mail.python.org/archives/list/security-announce@python.org/thread/F5ZT5ICGJ6CKXVUJ34YBVY7WOZ5SHG53/" ],
  "name" : "CVE-2026-3446",
  "csaw" : false
}