Alerts This Week
Warning Icon 1 1,111
Alerts This Week
Warning Icon 1 1,111

Ubuntu 26.04 Dynaconf Vulnerability for Arbitrary Code Execution Issue

ubuntu
Calendar Grey May 6, 2026
Dist Ubuntu Esm H88
Update your Ubuntu system to fix the critical python-dynaconf issue enabling arbitrary code execution remotely.
Dynaconf could be made to execute arbitrary code.

Summary

Dynaconf could be made to execute arbitrary code.

Software Description:

- python-dynaconf: Configuration Management for Python

Details:

It was discovered that Dynaconf was incorrectly handling template evaluation

in its string resolvers. A remote attacker could possibly use this issue

to execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  python3-dynaconf                3.2.12-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 25.10
  python3-dynaconf                3.1.7-2ubuntu0.25.10.1

Ubuntu 24.04 LTS
  python3-dynaconf                3.1.7-2ubuntu0.24.04.1

Ubuntu 22.04 LTS
  python3-dynaconf                3.1.7-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8231-1

CVE-2026-33154

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8231-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here