Home > Vulnerability Database > CVE-2025-11468

Mend.io Vulnerability Database

CVE-2025-11468

Good to know:

Date: January 20, 2026

When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.

Severity Score

4.5

Related Resources (10)

Url: https://github.com/python/cpython/issues/143935

Url: https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-11468

Url: https://github.com/python/cpython/pull/143936

Url: https://github.com/python/cpython/commit/f738386838021c762efea6c9802c82de65e87796

Url: https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb6

Url: https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b66

Url: https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0

Url: https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/

Url: https://www.mend.io/vulnerability-database/CVE-2025-11468

Severity Score

4.5

CVSS v3.1

Base Score:	4.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-11468

Good to know:

Date: January 20, 2026

Severity Score

Related Resources (10)

Severity Score

CVSS v3.1

Do you need more information?