CVE-2026-22041
Unknown Unknown - Not Provided
Type Conversion Error in Logging Redactor Python Library Prior to

Publication date: 2026-01-08

Last updated on: 2026-01-08

Assigner: GitHub, Inc.

Description
Logging Redactor is a Python library designed to redact sensitive data in logs based on regex patterns and / or dictionary keys. Prior to version 0.0.6, non-string types are converted into string types, leading to type errors in %d conversions. The problem has been patched in version 0.0.6. No known workarounds are available.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-08
Last Modified
2026-01-08
Generated
2026-06-16
AI Q&A
2026-01-08
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22041
EUVD
EUVD-2026-1160
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
armurox loggingredactor to 0.0.6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-704 The product does not correctly convert an object, resource, or structure from one type to a different type.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-22041 is a vulnerability in the Python package 'loggingredactor' prior to version 0.0.6. The issue occurs because non-string data types are improperly converted into string types during logging redaction. This causes type errors when the logging format expects integer values (such as with %d format specifiers). Essentially, the redaction method forcibly converts all non-string values to strings, which affects logging accuracy and data integrity. The problem was fixed in version 0.0.6. [1, 2]

Impact Analysis

This vulnerability can impact you by causing type errors in logging operations when non-string data types are converted to strings improperly. This can lead to inaccurate or corrupted log entries, especially when logs expect specific data types like integers. Such issues may affect debugging, monitoring, or auditing processes that rely on accurate log data. However, the severity is classified as low. [1, 2]

Detection Guidance

This vulnerability can be detected by identifying if your system is using the loggingredactor Python package version prior to 0.0.6. Specifically, you can check if logs contain type errors related to %d format specifiers due to improper conversion of non-string types to strings. To detect the vulnerable version, you can run the command `pip show loggingredactor` to check the installed version. Additionally, reviewing logs for type errors during logging operations involving integer format specifiers (%d) may indicate the presence of this vulnerability. [1, 2]

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade the loggingredactor package to version 0.0.6 or later, where the issue has been patched. There are no known workarounds other than applying this patch. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22041. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart