CVE-2026-55830 in RestrictedPython
Summary
by MITRE • 07/09/2026
RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, check_function_argument_names() rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted positional-only arguments, allowing __getattr__, _getitem_, _write_, or _print_ to be shadowed by a local parameter and bypass the embedding application's access policy. This issue is fixed in version 8.3.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 07/09/2026
RestrictedPython represents a critical security vulnerability in versions prior to 8.3 where the check_function_argument_names() function failed to properly validate positional-only arguments during function definition analysis. This flaw created a significant bypass mechanism within the restricted execution environment that was designed to prevent unauthorized access to protected guard hooks such as _getattr_, getitem, write, and print. The vulnerability stemmed from an incomplete implementation where the validation logic correctly handled regular parameters, variadic arguments, and keyword-only arguments but completely overlooked positional-only parameters, which are defined with a forward slash in function signatures. Attackers could exploit this gap by defining local function parameters with names that shadowed these protected hooks, effectively circumventing the security controls that RestrictedPython was designed to enforce.
The technical impact of this vulnerability extends beyond simple parameter shadowing as it fundamentally undermines the core security model of RestrictedPython. When a local parameter name matches one of the protected guard hook names, the normal access control mechanisms fail because the interpreter resolves the reference to the local parameter instead of the intended guard hook. This creates a situation where malicious code could bypass the intended sandboxing restrictions and potentially execute unauthorized operations within the restricted environment. The vulnerability specifically affects the function argument validation process where positional-only arguments are not subjected to the same security checks as other parameter types, creating an inconsistent security posture within the library. According to CWE standards, this represents a weakness in the security model of a restricted execution environment, classified under CWE-254 as "Security Features" and potentially CWE-346 for "Trust Boundary Violation" when the sandboxing mechanism is bypassed.
The operational consequences of this vulnerability are severe for any application that relies on RestrictedPython for secure code execution within untrusted environments. Systems using versions prior to 8.3 may be vulnerable to privilege escalation attacks where attackers can manipulate function signatures to gain access to restricted operations that should remain unavailable to untrusted code. This vulnerability impacts applications such as web frameworks, sandboxed scripting environments, and any system that uses RestrictedPython to execute user-provided code while maintaining security boundaries. The issue affects the fundamental integrity of the restricted execution model, potentially allowing attackers to read sensitive data through getitem shadowing, write to unauthorized locations via write, or access object attributes through _getattr_ bypasses.
Organizations should immediately update to RestrictedPython version 8.3 or later to address this vulnerability, as the fix implements comprehensive validation across all parameter types including positional-only arguments. The mitigation strategy involves not only upgrading the library but also conducting thorough security reviews of existing code that may have exploited this vulnerability in previous versions. Security teams should implement continuous monitoring for any suspicious function definitions that might attempt to shadow guard hooks, particularly in environments where user-provided code execution is permitted. Additionally, system administrators should consider implementing automated dependency checks to ensure that RestrictedPython is always updated to the latest secure version, as this vulnerability demonstrates how incomplete security implementations can create dangerous bypass paths within sandboxed environments. The fix addresses the underlying ATT&CK technique T1059.001 for "Command and Scripting Interpreter" by ensuring proper validation of function signatures and preventing unauthorized access to restricted operations through parameter manipulation attacks.