Python is a high-level, general-purpose programming language. Its key feature is the high readability of the code. It supports multiple programming paradigms, including Object-Oriented Programming (OOP) and Functional Programming.

Python

Debian GNU/Linux is a Linux distribution composed of free and open-source software.

Linux Debian

Echo is a secure, minimal Linux OS built vulnerability-free. It is fully compatible across environments and continuously patched - making it a clean, dependable base layer for modern applications. Echo is used by organizations focused on security and reliability, including those with compliance or FIPS requirements.

Echo

### Impact
An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode.
### Patches
This has been fixed in [pypdf==6.9.2](https://github.com/py-pdf/pypdf/releases/tag/6.9.2).
### Workarounds
If users cannot upgrade yet, consider applying the changes from PR [#3693](https://github.com/py-pdf/pypdf/pull/3693).

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-33718	HIGH	7.6	Python	openhands	No	Yes	Mar 25, 2026
CVE-2026-33509	HIGH	7.5	Python	pyload-ng	No	No	Mar 24, 2026
CVE-2026-27602	HIGH	7.2	Python	modoboa	No	Yes	Mar 25, 2026
CVE-2026-33699	MEDIUM	4.6	Python	pypdf	No	Yes	Mar 25, 2026
CVE-2026-25645	MEDIUM	4.4	Python	datahub-ingestion	No	Yes	Mar 25, 2026

CVE-2026-33699:
Python vulnerability analysis and mitigation

Impact

Patches

Workarounds

4.6

Related Python vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2026-33699: Python vulnerability analysis and mitigation