CVE-2026-3276

NONE

—CVSS v3

—CVSS v2

0.05% EPSS (exploit probability)

CWE-407CWE

Description

unicodedata.normalize() can take excessive CPU time when processing
specially crafted Unicode input containing long runs of combining characters
with alternating Canonical Combining Class values.
This affects all normalization forms.

Affected routers (0)

No routers currently mapped to this CVE in our database.

External references

NIST NVD
MITRE CVE