Critical Vulnerabilities in Python 2.7 Affecting Multiple Ubuntu Releases

Critical Vulnerabilities in Python 2.7 Affecting Multiple Ubuntu Releases

First seen 19 Mar 2026, 17:44 UTC UbuntuLinuxsecurity 77% similarity 72.0

Article Content

Browse articles
ThreatCluster

On March 19, 2026, Ubuntu released USN-8018-3 to address vulnerabilities in Python 2.7, which could lead to denial of service and header injection attacks. The vulnerabilities were originally reported in Python 3 and included CVE-2025-12084, CVE-2025-15282, CVE-2026-0672, and CVE-2026-0865. Affected systems include various Ubuntu LTS versions from 14.04 to 22.04. The vulnerabilities were discovered by multiple researchers, including Denis Ledoux and Jacob Walls. Attackers could exploit these vulnerabilities by sending malicious inputs, leading to potential resource exhaustion and arbitrary command injection. Users are advised to update their systems to the latest package versions to mitigate these risks. The updates are available through Ubuntu Pro. The vulnerabilities were published between December 2025 and January 2026, with the advisory released on the same day as the patch.

Key Points: • Critical vulnerabilities in Python 2.7 could lead to denial of service and header injection. • Affected Ubuntu versions include 14.04, 16.04, 18.04, 20.04, and 22.04 LTS. • Users must update to the latest package versions to mitigate the risks.

ThreatCluster AI

Timeline

2025-12-01
CVE-2025-13837 published
2025-12-03
CVE-2025-12084 published
2026-01-20
CVE-2025-11468, CVE-2025-15282, CVE-2026-0672, CVE-2026-0865 published
2026-01-20
CVE-2025-15367 published
2026-01-20
CVE-2025-15366 published
2026-03-19
USN-8018-3 released to patch vulnerabilities in Python 2.7

Community

Browse all →