Donate Telegram

CVE-2026-29075

HIGH CVSS 3.1: 8.3

Mar 06, 2026

Updated Mar 06, 2026

Python

Parameter	Value
CVSS	8.3 (HIGH)
Type	CWE-94 (Code Injection (Внедрение кода))
Vendor	Python
Public PoC	No

Mesa is an open-source Python library for agent-based modeling, simulating complex systems and exploring emergent behaviors. In version 3.5.0 and prior, checking out of untrusted code in benchmarks.yml workflow may lead to code execution in privileged runner. This issue has been patched via commit c35b8cd.

Attack Parameters

Attack Vector

Network

Атака возможна удалённо

Attack Complexity

Low

Легко эксплуатировать

Privileges Required

None

Права не нужны

User Interaction

None

Не нужно действие пользователя

Impact Assessment

Confidentiality

Low

Частичная утечка данных

Integrity

Low

Частичная модификация данных

Availability

Low

Частичное нарушение работы

CVSS Vector v3.1

Weakness Type (CWE)

CWE-94 Code Injection (Внедрение кода)

References 2

https://github.com/mesa/mesa/commit/c35b8cd67fc89dd680ae218e49b77f6e1ee07a27

security-advisories@github.com

https://github.com/mesa/mesa/security/advisories/GHSA-3j55-5q6x-2h48

security-advisories@github.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-28804

Python

CVE-2026-28802

Python

CVE-2025-69534

Python

CVE-2026-27932

Python

CVE-2026-27905

Python

CVE Details

CVE ID

CVE-2026-29075

Published Date

Mar 06, 2026

Vendor

Python

Severity

HIGH

CVSS v3.1 Score

8.3

High severity. Prioritize patching.

Attack Analysis

Exploitability 3.9/10

How easy to exploit

Impact 3.7/10

Severity of consequences

Impact

Partial data disclosure

Partial data modification

Partial service disruption

Source

Editor's Choice