[CVE-2026-1299] email BytesGenerator header injection due to unquoted newlines
Jan. 23, 2026
4:29 p.m.
There is a MEDIUM severity vulnerability affecting CPython.
The email module, specifically the "BytesGenerator" class, didn't properly quote newlines in email headers when serializing an email message, allowing header injection in the serialized output. This is only applicable if using "LiteralHeader" while writing headers that don't respect email folding rules; the new behavior will reject the incorrectly folded headers in "BytesGenerator".
Please see the linked CVE ID for the latest information on affected versions:
Seth Larson
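As an added illustration (not part of the advisory and not CPython's implementation), the following sketch applies the RFC 5322 folding rule to an already-folded header string before it is written: a line break inside a header is accepted only when a space or tab follows it. The names `check_folded_header`, `audit`, `HeaderInjectionError` and the sample headers are hypothetical, constructed for this example.

```python
import re

# A line break inside a serialized header is a legal fold only when the next
# character is a space or tab (RFC 5322 folding). Anything else starts a new
# header line, or ends the header block when the break is doubled.
_BREAK_WITHOUT_WSP = re.compile(r"\r\n(?![ \t])|\r(?![\n \t])|\n(?![ \t])")


class HeaderInjectionError(ValueError):
    """Raised when a folded header would introduce an extra header line."""


def check_folded_header(folded: str) -> str:
    """Return `folded` unchanged if it is exactly one well-formed header field."""
    # The single line ending that terminates the header is expected; strip it.
    if folded.endswith("\r\n"):
        body = folded[:-2]
    elif folded.endswith(("\r", "\n")):
        body = folded[:-1]
    else:
        body = folded
    match = _BREAK_WITHOUT_WSP.search(body)
    if match:
        raise HeaderInjectionError(f"unfolded line break at offset {match.start()}")
    return folded


def audit(headers):
    """Map each header name to True (safe to write) or False (rejected)."""
    results = {}
    for name, value in headers:
        try:
            check_folded_header(f"{name}: {value}\r\n")
            results[name] = True
        except HeaderInjectionError:
            results[name] = False
    return results


# Constructed sample input: a clean header, a correctly folded header, and a
# value whose line break is followed directly by a second header name.
SAMPLE = [
    ("Subject", "Quarterly report"),
    ("References", "<a@example.com>\r\n <b@example.com>"),
    ("X-Note", "hello\r\nX-Injected: yes"),
]
```

Calling `audit(SAMPLE)` accepts the first two headers and rejects the third; the same check can be run on any header value that reaches the serializer from untrusted input.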