pyasn1 <0.6.2: DoS via excessive RELATIVE-OID octets
CVE-2026-23490 Published on January 16, 2026

pyasn1 has a DoS vulnerability in its decoder
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.
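
To illustrate the bug class described above, the following added example (not pyasn1's code and not its actual patch) decodes RELATIVE-OID content octets while bounding the number of octets a single arc may span. The cap of 20 octets and all names are assumptions chosen for this sketch; the sample inputs are constructed.

```python
# Added example: bounded decoding of RELATIVE-OID content octets (X.690 base-128 arcs).
# Each arc is a run of octets; bit 8 set means "more octets follow" (continuation).
# Without a bound, one arc can absorb the whole input into a single growing integer.

MAX_ARC_OCTETS = 20  # assumed cap for this sketch: 20 * 7 = 140 bits per arc


class ArcTooLong(ValueError):
    """Raised when a single arc exceeds the allowed number of octets."""


def decode_relative_oid(content: bytes, max_arc_octets: int = MAX_ARC_OCTETS) -> tuple:
    """Return the arcs encoded in `content`, rejecting oversized or malformed arcs."""
    arcs = []
    value = 0
    octets_in_arc = 0
    for offset, octet in enumerate(content):
        if octets_in_arc == 0 and octet == 0x80:
            # A leading 0x80 is padding and is not a valid start of an arc.
            raise ValueError(f"non-minimal arc encoding at offset {offset}")
        octets_in_arc += 1
        if octets_in_arc > max_arc_octets:
            # Stop before accumulating further; this is the resource limit.
            raise ArcTooLong(f"arc exceeds {max_arc_octets} octets at offset {offset}")
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:
            # Continuation bit clear: this octet ends the arc.
            arcs.append(value)
            value = 0
            octets_in_arc = 0
    if octets_in_arc:
        raise ValueError("truncated arc: final octet has the continuation bit set")
    return tuple(arcs)


# Constructed samples: a well-formed value and one arc padded with continuation octets.
WELL_FORMED = bytes.fromhex("c27b0302")   # arcs 8571, 3, 2
EXCESSIVE = b"\xff" * 64 + b"\x01"        # 65 octets claimed by a single arc

if __name__ == "__main__":
    print(decode_relative_oid(WELL_FORMED))
    try:
        decode_relative_oid(EXCESSIVE)
    except ArcTooLong as exc:
        print("rejected:", exc)
```
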

Vulnerability Analysis

CVE-2026-23490 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. An automatable proof of concept (POC) exploit exists. An exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

Weakness Type

Allocation of Resources Without Limits or Throttling

The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.


Affected Versions

pyasn1:
Red Hat Enterprise Linux Server (v. 7 ELS)
Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS)
Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS)
Red Hat Enterprise Linux Server for SAP ELS (v. 7)
Red Hat Enterprise Linux Server for SAPHANA ELS (v. 7)
Red Hat Ansible Automation Platform 2.5 for RHEL 8
Red Hat OpenStack Platform 17.1
Red Hat Ansible Automation Platform 2.5 for RHEL 9
Red Hat Ansible Automation Platform 2.6 for RHEL 9
Ironic content for Red Hat OpenShift Container Platform 4.17
Ironic content for Red Hat OpenShift Container Platform 4.18
Red Hat Enterprise Linux AppStream EUS (v. 10.0)
Red Hat Enterprise Linux AppStream (v. 10)
Red Hat Enterprise Linux AppStream (v. 8)
Red Hat Enterprise Linux AppStream AUS (v. 8.2)
Red Hat Enterprise Linux AppStream AUS (v.8.4)
Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)
Red Hat Enterprise Linux AppStream AUS (v.8.6)
Red Hat Enterprise Linux AppStream E4S (v.8.6)
Red Hat Enterprise Linux AppStream TUS (v.8.6)
Red Hat Enterprise Linux AppStream E4S (v.8.8)
Red Hat Enterprise Linux AppStream TUS (v.8.8)
Red Hat Enterprise Linux AppStream E4S (v.9.0)
Red Hat Enterprise Linux AppStream E4S (v.9.2)
Red Hat Enterprise Linux AppStream EUS (v.9.4)
Red Hat Enterprise Linux AppStream EUS (v.9.6)
Red Hat Enterprise Linux AppStream (v. 9)
Red Hat Enterprise Linux HighAvailability (v. 8)
Red Hat Enterprise Linux High Availability AUS (v.8.4)
Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)
Red Hat Enterprise Linux High Availability E4S (v.8.6)
Red Hat Enterprise Linux High Availability TUS (v.8.6)
Red Hat Enterprise Linux High Availability E4S (v.8.8)
Red Hat Enterprise Linux High Availability TUS (v.8.8)
Red Hat Enterprise Linux High Availability E4S (v.9.0)
Red Hat Enterprise Linux High Availability E4S (v.9.2)
Red Hat Enterprise Linux High Availability EUS (v.9.4)
Red Hat AI Inference Server 3.3
Red Hat Ansible Automation Platform 2.5
Red Hat Ansible Automation Platform 2.6
Red Hat Ceph Storage 8
Red Hat Enterprise Linux AI 3.3
Red Hat OpenShift AI 2.25
Red Hat OpenShift AI 3.3
Red Hat OpenStack 1.5
Red Hat Trusted Artifact Signer 1.3
Red Hat Trusted Artifact Signer 1.4
Red Hat Update Infrastructure 5
Red Hat Enterprise Linux ResilientStorage (v. 8)
Red Hat Enterprise Linux ResilientStorage E4S (v.9.0)
Red Hat Enterprise Linux Resilient Storage E4S (v.9.2)
Red Hat Enterprise Linux Resilient Storage EUS (v.9.4)
Red Hat Lightspeed Core
Red Hat Migration Toolkit for Containers
Red Hat Migration Toolkit for Virtualization
Red Hat OpenShift Lightspeed
Red Hat AI Inference Server
Red Hat Ansible Automation Platform 2
Red Hat OpenShift AI (RHOAI)
Red Hat OpenShift Container Platform 4
Red Hat OpenStack Platform 16.2
Red Hat OpenStack Platform 18.0
Red Hat Quay 3
Red Hat Satellite 6
Red Hat Ansible Automation Platform 2.6 for RHEL 10
Red Hat OpenShift Container Platform 4.17
Red Hat OpenShift Container Platform 4.18
Red Hat OpenShift Service Mesh 3
Red Hat Enterprise Linux 6

Vulnerable Packages

The following package name and versions may be associated with CVE-2026-23490:

Package Manager | Vulnerable Package | Versions | Fixed In
pip | pyasn1 | <= 0.6.2 | 0.6.3

Exploit Probability

EPSS: 0.49%
Percentile: 38.26%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.