CVE-2026-3276EPSS p37.3%

CVE-2026-3276CVE-2026-3276

Description

unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms.

Scoring

EPSS0.47% probability of exploitation · percentile 37.3% · 2026-06-19T12:03:05Z
Last modified2026-06-16

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-3644
CVE
CVE-2025-66382
CVE
CVE-2026-1489
CVE
CVE-2026-42504
CVE
CVE-2026-2596
CVE
CVE-2026-6209
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.