CVE-2026-5659

pytries datrie trie File datrie.pyx Trie.setstate deserialization

CVSS 5.3 MEDIUMEPSS 0.3%CWE-20 CWE-502

A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie.__setstate__ of the file src/datrie.pyx of the component trie File Handler. The manipulation results in deserialization. The attack can be launched remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Productos afectados

pytries · datrie

PoCs públicas encontradas — 1

cve_referencegithub.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/dartie_code_exec.mdno verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/dartie_code_exec.md https://github.com/pytries/datrie/https://github.com/pytries/datrie/issues/109 https://vuldb.com/submit/785228 https://vuldb.com/vuln/355483 https://vuldb.com/vuln/355483/cti

pytries datrie trie File datrie.pyx Trie.__setstate__ deserialization

pytries datrie trie File datrie.pyx Trie.setstate deserialization