#python
5 articles
The technology, research, AI development, and financial services sectors were the primary targets of a wave of critical Python-related vulnerabilities in April and May 2026. Three high-severity and four critical flaws were documented, with the most severe being CVE-2026-39987 (CVSS 9.3), followed by CVE-2026-44339 (CVSS 8.6) and CVE-2026-31248. These seven reports, published between April 12 and May 12, 2026, affected organisations globally.
[HIGH] Docling XXE Flaw CVE-2026-31248 Lets Attackers Trigger XML Bomb DoS
CVE-2026-31248: Docling METS GBS backend through 2.61.0 fails to disable entity resolution in etree.fromstring(), enabling XML Bomb attacks via crafted .tar.gz archives.
[HIGH] PraisonAI Flaw Lets Agents Execute Arbitrary Python Tools
CVE-2026-44339 (CVSS 8.6) in PraisonAI multi-agent framework lets agents resolve undeclared tool names against module globals, enabling arbitrary Python execution.
[CRITICAL] PyTorch Lightning Compromised in PyPI Supply Chain Attack
Threat actors pushed malicious PyTorch Lightning versions 2.6.2 and 2.6.3 to PyPI on April 30, 2026, stealing credentials via a typosquatted dependency — Aikido Security, Socket,…
[CRITICAL] Critical Marimo RCE Flaw Exploited Within Hours of Disclosure
A critical pre-authentication remote code execution vulnerability (CVE-2026-39987) in the Marimo Python notebook was exploited in the wild within 10 hours of public disclosure, posing a severe risk to data science environments.
[HIGH] VIPERTUNNEL Python Backdoor Evades Detection via Fake DLL and Obfuscated Loader
Threat actors deploy VIPERTUNNEL, a Python backdoor, using a fake DLL and multi-stage obfuscated loader to establish stealthy SOCKS5 proxy tunnels for persistent network access.