CVE-2026-6100 — Vulnetix

CVE-2026-6100 PUBLISHED CVSS 9.100000381469727 CRITICAL

Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure

EPSS 0.16% · 37.2th percentile

Risk Scores

CVSS 4.0

9.100000381469727

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Score

0.16%

37.2th percentile

Affected Products

Vendor	Product	Versions
Bitnami	python
Bitnami	libpython
Bitnami	python-min

Exploit Intelligence

CIRCL seen: CVE-2026-6100 (circl-sighting)
CIRCL seen: CVE-2026-6100 (circl-sighting)
http://www.openwall.com/lists/oss-security/2026/04/13/10 (circl)
https://github.com/python/cpython/pull/148396 (circl)
https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/ (circl)
https://github.com/python/cpython/issues/148395 (circl)
https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d (circl)
https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2 (circl)
https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20 (circl)
BELL-CVE-2025-15282.json (github-poc)

…and 224 more exploits

Timeline

Apr 13, 2026 CVE Published
Apr 13, 2026 PoC Published
Apr 13, 2026 PoC Published
Apr 14, 2026 EPSS Score
Apr 14, 2026 Security Advisory
Apr 27, 2026 Distribution Patch
Apr 27, 2026 Security Advisory
Apr 27, 2026 Distribution Patch
Apr 27, 2026 Security Advisory
Apr 27, 2026 Distribution Patch
Apr 27, 2026 Security Advisory
Apr 27, 2026 Distribution Patch

References

Open in Interactive Console →