Python3-3.14.6 (Security update)

[Bruce Dubbs]

New point version.

CVE-2026-7774. MEDIUM severity vulnerability affecting CPython. Base Score: 6.4

CVE-2026-3276. Score not assigned.

CVE-2026-8643. Base Score 5.5 affecting pip

[Joe Locash]

Python 3.14.6 final

Release date: 2026-06-10

Security

• gh-151159: Update Android and iOS installers to use OpenSSL 3.5.7.
• gh-150599: Fix a possible stack buffer overflow in bz2 when a bz2.BZ2Decompressor is reused after a decompression error. The decompressor now becomes unusable after libbz2 reports an error.
• gh-149835: shutil.move() now resolves symlinks via os.path.realpath() when checking whether the destination is inside the source directory, preventing a symlink-based bypass of that guard.
• gh-149698: Update bundled libexpat to version 2.8.1 for the fix for CVE 2026-45186.
• gh-87451: The ftplib module’s undocumented ftpcp function no longer trusts the IPv4 address value returned from the source server in response to the PASV command by default, completing the fix for CVE-2021-4189. As with ftplib.FTP, the former behavior can be re-enabled by setting the trust_server_pasv_ipv4_address attribute on the source ftplib.FTP instance to True. Thanks to Qi Deng at Aurascape AI for the report.
• gh-149486: tarfile.data_filter() now validates link targets using the same normalised value that is written to disk, strips trailing separators from the member name when resolving a symlink’s directory, and rejects link members that would replace the destination directory itself. This closes several path-traversal bypasses of the data extraction filter.
• gh-149079: Fix a potential denial of service in unicodedata.normalize(). The canonical ordering step of Unicode normalization used a quadratic-time insertion sort for reordering combining characters, which could be exploited with crafted input containing many combining characters in non-canonical order. Replaced with a linear-time counting sort for long runs.
• gh-149018: Improved protection against XML hash-flooding attacks in xml.parsers.expat and xml.etree.ElementTree when Python is compiled with libExpat 2.8.0 or later.

Core and Builtins

• gh-151112: Fix a crash in the compiler that could occur when running out of memory.
• gh-151126: Fix a crash, when there’s no memory left on a device, which happened in: code compilation - _winapi.CreateProcess() Now these places raise proper MemoryError errors.
• gh-150700: Fix a SystemError when compiling a class-scope comprehension containing a lambda that references class, classdict, or conditional_annotations. Patch by Bartosz Sławecki.
• gh-150633: Fix the frozen importer accepting module names with embedded null bytes, which caused it to bypass the sys.modules cache and create duplicate module objects.
• gh-148613: Fix a data race in the free-threaded build between gc.set_threshold() and garbage collection scheduling during object allocation.
• gh-149156: Fix an intermittent crash after os.fork() when perf trampoline profiling is enabled and the child returns through trampoline frames inherited from the parent process.
• gh-149449: Fix a use-after-free crash when the unicodedata module was removed from sys.modules and garbage-collected between calls that decode \N{...} escapes or use the namereplace codec error handler.
• gh-150207: Fix a crash when a memory allocation fails during tokenizer initialization. A proper MemoryError is now raised instead.
• gh-150107: asyncio: sendfile() and sock_sendfile() event loop methods now call file.seek(offset) if file has a seek() method, even if offset is 0 (default value).
• gh-150146: Fix a crash on a complex type variable substitution. from typing import TypeVar; memoryview[TypeVar("")][*typing.Mapping[..., ...]] used to fail due to missing NULL check on _unpack_args C function call.
• gh-149590: Fix crash when faulthandler is imported more than once.
• gh-149816: Fix a race condition in _PyBytes_FromList in free-threading mode.
• gh-149816: Fix a race condition in memoryview with free-threading.
• gh-149805: Fix a SystemError when compiling a compiling classdict class annotation. Found by OSS-Fuzz in #512907042.
• gh-149738: sqlite3: Disallow removing row_factory and text_factory attributes of a connection to prevent a crash on a query.
• gh-139808: Add branch protections for AArch64 (BTI/PAC) in assembly code used by -X perf_jit (Linux perf profiler integration).
• gh-148450: Fix abc.register() so it invalidates type version tags for registered classes.

Library

• gh-151039: Fix a crash when static datetime types outlive the _datetime module.
• gh-150913: Fix sqlite3.Blob slice assignment to raise TypeError and IndexError for type and size mismatches respectively, even when the target slice is empty.
• gh-143008: Fix race conditions when re-initializing a io.TextIOWrapper object.
• gh-150750: Fix a race condition in collections.deque.index() with free-threading.
• gh-150685: Update bundled pip to 26.1.2
• gh-150406: Fix a possible crash occurring during socket module initialization when the system is out of memory on platforms without a reentrant gethostbyname.
• gh-150372: readline: Fix a potential crash during tab completion caused by an out-of-memory error during module initialization.
• gh-150157: Fix a crash in free-threaded builds that occurs when pickling by name objects without a module attribute while sys.modules is concurrently being modified.
• gh-150175: Fix race condition in unittest.mock.ThreadingMock where concurrent calls could lose increments to call_count and other attributes due to a missing lock in _increment_mock_call.
• gh-84353: Preserve non-UTF-8 encoded filenames when appending to a zipfile.ZipFile. Previously, non-ASCII names stored in a legacy encoding (without the UTF-8 flag bit set) could be corrupted when the central directory was rewritten: they were decoded as cp437 and then re-stored as UTF-8.
• gh-149816: Fix race condition in ssl.SSLContext.sni_callback
• gh-149995: Update various docstrings in typing.
• gh-88726: The email package now uses standard MIME charset names “gb2312” and “big5” instead of non-standard names “eucgb2312_cn” and “big5_tw”.
• gh-149571: Fix the C implementation of xml.etree.ElementTree.Element.itertext(): it no longer emits text for comments and processing instructions.
• gh-149921: Fix reference leaks in error paths of the _interpchannels and _interpqueues extension modules.
• gh-149816: Fix a race condition in _random.Random.init method in free-threading mode.
• gh-149801: Add IANA registered names and aliases with leading zeros before number (like IBM00858, CP00858, IBM01140, CP01140) for corresponding codecs.
• gh-149701: Fix bad return code from Lib/venv/bin/activate if hashing is disabled
• gh-112821: In the REPL, autocompletion might run arbitrary code in the getter of a descriptor. If that getter raised an exception, autocompletion would fail to present any options for the entire object. Autocompletion now works as expected for these objects.
• gh-149489: Fix ElementTree serialization to HTML. The content of elements “xmp”, “iframe”, “noembed”, “noframes”, and “plaintext” is no longer escaped. The “plaintext” element no longer have the closing tag.
• gh-149231: In tomllib, the number of parts in TOML keys is now limited
• gh-149046: io: Fix io.StringIO serialization: no longer call str(obj) on str subclasses. Patch by Thomas Kowalski.
• gh-148954: Fix XML injection vulnerability in xmlrpc.client.dumps() where the methodname was not being escaped before interpolation into the XML body.
• gh-148441: xml.parsers.expat: prevent a crash in CharacterDataHandler() when the character data size exceeds the parser’s buffer size.
• gh-146452: Fix segfault in pickle when pickling a dictionary concurrently mutated by another thread in the free-threaded build.
• gh-142831: Fix a crash in the json module where a use-after-free could occur if the object being encoded is modified during serialization.
• gh-90949: Add SetBillionLaughsAttackProtectionActivationThreshold() and SetBillionLaughsAttackProtectionMaximumAmplification() to xmlparser objects to tune protections against billion laughs attacks. Patch by Bénédikt Tran.
• gh-134261: zip: On reproducible builds, ZipFile uses UTC instead of the local time when writing file datetimes to avoid underflows.
• gh-128110: Fix bug in the parsing of email address headers that could result in extraneous spaces in the decoded text when using a modern email policy. Space between pairs of adjacent RFC 2047 encoded-words is now ignored, per section 6.2 (and consistent with existing parsing of unstructured headers like Subject).
• gh-107398: Fix tarfile stream mode exception when process the file with the gzip extra field.
• gh-123853: Update the table of Windows language code identifiers (LCIDs) used by locale.getdefaultlocale() on Windows to protocol version 16.0 (2024-04-23).
• gh-91099: imaplib.IMAP4.login() now raises exceptions with str instead of bytes. Patch by Florian Best.

Documentation

• gh-150319: Generic builtin and standard library types now document the meaning of their type parameters.
• gh-109503: Fix documentation for shutil.move() on usage of os.rename() since nonatomic move might be used even if the files are on the same filesystem. Patch by Fang Li

Tests

• gh-151130: Add more tests for PyWeakref_* C API.
• gh-149776: Fix test_socket on Linux kernel 7.1 and newer: skip UDP Lite tests if it’s not supported. Patch by Victor Stinner.

Build

• gh-148294: Corrected the use of AC_PATH_TOOL in configure.ac to allow a C++ compiler to be found on PATH.

Windows

• gh-151159: Updated bundled version of OpenSSL to 3.5.7.

macOS

• gh-151159: Update macOS installer to use OpenSSL 3.5.7.
• gh-150644: When system logging is enabled (with config.use_system_logger, messages are now tagged as public. This allows the macOS 26 system logger to view messages without special configuration.
• gh-115119: Update macOS installer to use libmpdecimal 4.0.1.

IDLE

• bpo-6699: Warn the user if a file will be overwritten when saving.

C API

• gh-150907: Fix dynamic_annotations.h header file when built with C++ and Valgrind: add extern "C++" scope for the C++ template. Patch by Victor Stinner.
• gh-145235: Made PyDict_AddWatcher(), PyDict_ClearWatcher(), PyDict_Watch(), and PyDict_Unwatch() thread-safe on the free threaded build.

gh-149486 was assigned CVE-2026-7774.

gh-149079 was assigned CVE-2026-3276.

pip-26.1.2 fixes CVE-2026-8643.