[Git][security-tracker-team/security-tracker][master] Add CVE-2026-21860/python-werkzeug

Thu Jan 8 21:55:21 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7635d324 by Salvatore Bonaccorso at 2026-01-08T22:55:00+01:00
Add CVE-2026-21860/python-werkzeug

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -96,7 +96,9 @@ CVE-2026-21872 (NiceGUI is a Python-based UI framework. From versions 2.22.0 to
 CVE-2026-21871 (NiceGUI is a Python-based UI framework. From versions 2.13.0 to 3.4.1, ...)
 	NOT-FOR-US: NiceGUI
 CVE-2026-21860 (Werkzeug is a comprehensive WSGI web application library. Prior to ver ...)
-	TODO: check
+	- python-werkzeug <not-affected> (Only affects werkzeug on Windows)
+	NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7
+	NOTE: Fixed by: https://github.com/pallets/werkzeug/commit/37797aba260022c871718e0908b472727d366d09 (3.1.5)
 CVE-2026-21639 (A malicious actor in Wi-Fi range of the affected product could leverag ...)
 	NOT-FOR-US: airFiber AF60
 CVE-2026-21638 (A malicious actor in Wi-Fi range of the affected product could leverag ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7635d3243073044ae441c4733d6a10d5f042a94b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7635d3243073044ae441c4733d6a10d5f042a94b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260108/7e0d8946/attachment.htm>
