CVE-2026-5659 MEDIUM

CVE-2026-5659: pytries datrie trie File datrie.pyx Trie.__setstate__ deserialization

Vendor Pytries
Product datrie
Weakness CWE-502 · Unsafe deserialization
Published April 6, 2026
Last update April 6, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie.__setstate__ of the file src/datrie.pyx of the component trie File Handler. The manipulation results in deserialization. The attack can be launched remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Key dates

02Disclosure timeline

April 6, 2026 CVE published
April 6, 2026 Record updated