Description

Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated report. This allowed JavaScript execution when a victim opened the generated report in a browser. Version 1.19.2 fixes the issue.

INFO

Published Date :

2026-03-18T21:25:21.495Z

Last Modified :

2026-03-19T17:39:50.970Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-32722 vulnerability.

Vendors Products
Bloomberg
  • Memray
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-32722.

URL Resource
https://github.com/bloomberg/memray/commit/ba6e4e2e9930f9641bed7adfdf43c8e2545ce249 cve-icon cve-icon
https://github.com/bloomberg/memray/releases/tag/v1.19.2 cve-icon cve-icon
https://github.com/bloomberg/memray/security/advisories/GHSA-r5pr-887v-m2w9 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact