CVE-2025-15367

The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

Published Jan 21, 2026

https://mail.python.org/archives/list/security-announce@python.org/thread/CBFBOWVGGUJFSGITQCCBZS4GEYYZ7ZNE/

CVSS ScoreMedium

5.9

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2025-15367

The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

Published Jan 21, 2026

https://mail.python.org/archives/list/security-announce@python.org/thread/CBFBOWVGGUJFSGITQCCBZS4GEYYZ7ZNE/

CVSS ScoreMedium

5.9


conan	cpython	2.7.18
conan	cpython	3.10.0
conan	cpython	3.10.14
conan	cpython	3.11.9
conan	cpython	3.12.2
conan	cpython	3.12.7
conan	cpython	3.7.12
conan	cpython	3.8.12
conan	cpython	3.8.19
conan	cpython	3.9.19
conan	cpython	3.9.7

Ecosystem	Package	Version


conan	cpython	2.7.18
conan	cpython	3.10.0
conan	cpython	3.10.14
conan	cpython	3.11.9
conan	cpython	3.12.2
conan	cpython	3.12.7
conan	cpython	3.7.12
conan	cpython	3.8.12
conan	cpython	3.8.19
conan	cpython	3.9.19
conan	cpython	3.9.7

Find vulnerabilities. Fix fast with AI.

CVE-2025-15367

CVE-2025-15367