Description
RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, check_function_argument_names() rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted positional-only arguments, allowing __getattr__, _getitem_, _write_, or _print_ to be shadowed by a local parameter and bypass the embedding application's access policy. This issue is fixed in version 8.3.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Wed, 08 Jul 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Zope
Zope restrictedpython |
|
| Vendors & Products |
Zope
Zope restrictedpython |
Wed, 08 Jul 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, check_function_argument_names() rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted positional-only arguments, allowing __getattr__, _getitem_, _write_, or _print_ to be shadowed by a local parameter and bypass the embedding application's access policy. This issue is fixed in version 8.3. | |
| Title | RestrictedPython guard hooks can be shadowed via positional-only arguments | |
| Weaknesses | CWE-184 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-08T21:16:36.200Z
Reserved: 2026-06-17T16:29:38.864Z
Link: CVE-2026-55830
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T22:30:09Z
Weaknesses