CVE-2026-4539

CVE-2026-4539 · PUBLISHED · CVSS 4.8 MEDIUM

A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

EPSS 0.01% · 0.7th percentile

Risk Scores

CVSS v4.0: 4.8
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
EPSS Score: 0.01% (0.7th percentile)

Affected Products

Vendor | Product | Versions
PyPI | Pygments | 0, 0, 0
n/a | pygments | 2.19.0, 2.19.1, 2.19.2

Timeline

  • Mar 22, 2026 CVE Published
  • Mar 22, 2026 EPSS Score
  • Mar 22, 2026 Coalition ESS Score
  • Mar 22, 2026 PoC Published
  • Mar 23, 2026 EPSS Score
  • Mar 24, 2026 EPSS Score
  • Mar 25, 2026 EPSS Score
  • Mar 25, 2026 Security Advisory
  • Mar 26, 2026 EPSS Score
  • Mar 26, 2026 PoC Published
  • Mar 26, 2026 PoC Published
  • Mar 30, 2026 CVE Updated
