CVE-2026-5659

pytries datrie trie File datrie.pyx Trie.setstate deserialization

CVSS 5.3 MEDIUMEPSS 0.3%CWE-20 CWE-502

A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie.__setstate__ of the file src/datrie.pyx of the component trie File Handler. The manipulation results in deserialization. The attack can be launched remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Affected products

pytries · datrie

public PoCs found — 1

cve_referencegithub.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/dartie_code_exec.mdunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/dartie_code_exec.md https://github.com/pytries/datrie/https://github.com/pytries/datrie/issues/109 https://vuldb.com/submit/785228 https://vuldb.com/vuln/355483 https://vuldb.com/vuln/355483/cti

pytries datrie trie File datrie.pyx Trie.__setstate__ deserialization

pytries datrie trie File datrie.pyx Trie.setstate deserialization