{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5659", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-06T07:35:11.413Z", "datePublished": "2026-04-06T13:00:19.796Z", "dateUpdated": "2026-04-06T14:49:10.387Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-06T13:00:19.796Z"}, "title": "pytries datrie trie File datrie.pyx Trie.__setstate__ deserialization", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-502", "lang": "en", "description": "Deserialization"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-20", "lang": "en", "description": "Improper Input Validation"}]}], "affected": [{"vendor": "pytries", "product": "datrie", "versions": [{"version": "0.8.0", "status": "affected"}, {"version": "0.8.1", "status": "affected"}, {"version": "0.8.2", "status": "affected"}, {"version": "0.8.3", "status": "affected"}], "modules": ["trie File Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie.__setstate__ of the file src/datrie.pyx of the component trie File Handler. The manipulation results in deserialization. The attack can be launched remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:C"}}], "timeline": [{"time": "2026-04-06T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-06T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-06T09:40:54.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "dhabaleshwar (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/355483", "name": "VDB-355483 | pytries datrie trie File datrie.pyx Trie.__setstate__ deserialization", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/355483/cti", "name": "VDB-355483 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/785228", "name": "Submit #785228 | pytries datrie 0.8.3 Deserialization", "tags": ["third-party-advisory"]}, {"url": "https://github.com/pytries/datrie/issues/109", "tags": ["issue-tracking"]}, {"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/dartie_code_exec.md", "tags": ["exploit"]}, {"url": "https://github.com/pytries/datrie/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T14:46:24.743515Z", "id": "CVE-2026-5659", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T14:49:10.387Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5659", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-06T14:46:24.743515Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T14:46:25.826Z"}}], "cna": {"title": "pytries datrie trie File datrie.pyx Trie.__setstate__ deserialization", "credits": [{"lang": "en", "type": "reporter", "value": "dhabaleshwar (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:C"}}], "affected": [{"vendor": "pytries", "modules": ["trie File Handler"], "product": "datrie", "versions": [{"status": "affected", "version": "0.8.0"}, {"status": "affected", "version": "0.8.1"}, {"status": "affected", "version": "0.8.2"}, {"status": "affected", "version": "0.8.3"}]}], "timeline": [{"lang": "en", "time": "2026-04-06T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-06T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-06T09:40:54.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/355483", "name": "VDB-355483 | pytries datrie trie File datrie.pyx Trie.__setstate__ deserialization", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/355483/cti", "name": "VDB-355483 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/785228", "name": "Submit #785228 | pytries datrie 0.8.3 Deserialization", "tags": ["third-party-advisory"]}, {"url": "https://github.com/pytries/datrie/issues/109", "tags": ["issue-tracking"]}, {"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/dartie_code_exec.md", "tags": ["exploit"]}, {"url": "https://github.com/pytries/datrie/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie.__setstate__ of the file src/datrie.pyx of the component trie File Handler. The manipulation results in deserialization. The attack can be launched remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "Deserialization"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "Improper Input Validation"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-06T13:00:19.796Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5659", "state": "PUBLISHED", "dateUpdated": "2026-04-06T14:49:10.387Z", "dateReserved": "2026-04-06T07:35:11.413Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-06T13:00:19.796Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie.__setstate__ of the file src/datrie.pyx of the component trie File Handler. The manipulation results in deserialization. The attack can be launched remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet."}], "id": "CVE-2026-5659", "lastModified": "2026-04-06T14:16:26.150", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-06T14:16:26.150", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/dartie_code_exec.md"}, {"source": "cna@vuldb.com", "url": "https://github.com/pytries/datrie/"}, {"source": "cna@vuldb.com", "url": "https://github.com/pytries/datrie/issues/109"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/785228"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/355483"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/355483/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-502"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{}