CVE-2026-5659

pytries datrie trie File datrie.pyx Trie.setstate deserialization

CVSS 5.3 MEDIUMEPSS 0.3%CWE-20 CWE-502

A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie.__setstate__ of the file src/datrie.pyx of the component trie File Handler. The manipulation results in deserialization. The attack can be launched remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Produtos afetados

pytries · datrie

PoCs públicas encontradas — 1

cve_referencegithub.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/dartie_code_exec.mdnão verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/dartie_code_exec.md https://github.com/pytries/datrie/https://github.com/pytries/datrie/issues/109 https://vuldb.com/submit/785228 https://vuldb.com/vuln/355483 https://vuldb.com/vuln/355483/cti

pytries datrie trie File datrie.pyx Trie.__setstate__ deserialization

pytries datrie trie File datrie.pyx Trie.setstate deserialization