Description

SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects (including modules) can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous objects available as attrs. Additionally, dangerous functions or modules could be accessed by passing them as callbacks to other safe functions to call. The latest version 1.0.5 has this issue fixed. This vulnerability is fixed in 1.0.5.

INFO

Published Date :

2026-03-13T21:03:53.435Z

Last Modified :

2026-04-21T15:29:09.693Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-32640 vulnerability.

Vendors Products
Danthedeckie
  • Simpleeval
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-32640.

URL Resource
https://github.com/danthedeckie/simpleeval/security/advisories/GHSA-44vg-5wv2-h2hg cve-icon cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2026/04/msg00023.html cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-32640 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-32640 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact