CVE-2026-1998
LOW 3.3A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be launched locally. The exploit has been published and may be used. Patch name: 570744d06c5ba9dba59b4c3f432ca4f0abd396b6. It is suggested to install a patch to address this issue.
Affected Applications in Environment
4
Python
11 devices
Python
vWindows 11 (26.57288.0)
1 device
python
v2.7.5-5ubuntu3
1 device
python
v2.7.5-93.el7_9
1 device
Affected Devices
14
Brians-Mac-mini.local
Mac
Kellys-MacBook-Pro-3.local
Mac
MacBook-Pro.local
Mac
a00017110-J7TV3C9HW5
Mac
a00344487-F622TJW0NM
Mac
a02235045-MX74HJV2J3
Mac
a02265864-LFW93MQ9P7
Mac
a02388352-LQ22WMQLKF
Mac
a02424859-LHV909KCR7
Mac
a02456553-G06QD7XKWW
Mac
a02513954-D2V97K4D2L
Mac
guru.cluster
Linux
mac.lan
Mac
web05
Linux
References
8
- https://github.com/dpgeorge/micropython/commit/570744d06c5ba9dba59b4c3f432ca4f0abd396b6
- https://github.com/micropython/micropython/
- https://github.com/micropython/micropython/issues/18639
- https://github.com/micropython/micropython/issues/18639#issue-3780651410
- https://github.com/micropython/micropython/pull/18671
- https://vuldb.com/?ctiid.344546
- https://vuldb.com/?id.344546
- https://vuldb.com/?submit.743396