CVE-2026-4539

pygments archetype.py AdlLexer redos

Description

A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

INFO

Published Date :

2026-03-22T05:35:12.096Z

Last Modified :

2026-03-23T16:08:49.809Z

Source :

VulDB

AFFECTED PRODUCTS

The following products are affected by CVE-2026-4539 vulnerability.

Vendors	Products
Pygments	Pygments

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-4539.

URL	Resource
https://github.com/pygments/pygments/
https://github.com/pygments/pygments/issues/3058
https://nvd.nist.gov/vuln/detail/CVE-2026-4539
https://vuldb.com/?ctiid.352327
https://vuldb.com/?id.352327
https://vuldb.com/?submit.774685
https://www.cve.org/CVERecord?id=CVE-2026-4539

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed values of each vector for above chart.

Access Vector

Access Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact