Bug 2437265 (CVE-2026-1998) - CVE-2026-1998 micropython: micropython runtime.c mp_import_all memory corruption
Summary: CVE-2026-1998 micropython: micropython runtime.c mp_import_all memory corruption
Keywords:
Status: NEW
Alias: CVE-2026-1998
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2437326 2437327
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-02-06 07:01 UTC by OSIDB Bzimport
Modified: 2026-02-06 17:21 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-02-06 07:01:30 UTC
A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be launched locally. The exploit has been published and may be used. Patch name: 570744d06c5ba9dba59b4c3f432ca4f0abd396b6. It is suggested to install a patch to address this issue.


Note You need to log in before you can comment on or make changes to this bug.