CVE-2026-22041
Type Conversion Error in Logging Redactor Python Library Prior to
Publication date: 2026-01-08
Last updated on: 2026-01-08
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| armurox | loggingredactor | to 0.0.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-704 | The product does not correctly convert an object, resource, or structure from one type to a different type. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-22041 is a vulnerability in the Python package 'loggingredactor' prior to version 0.0.6. The issue occurs because non-string data types are improperly converted into string types during logging redaction. This causes type errors when the logging format expects integer values (such as with %d format specifiers). Essentially, the redaction method forcibly converts all non-string values to strings, which affects logging accuracy and data integrity. The problem was fixed in version 0.0.6. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by causing type errors in logging operations when non-string data types are converted to strings improperly. This can lead to inaccurate or corrupted log entries, especially when logs expect specific data types like integers. Such issues may affect debugging, monitoring, or auditing processes that rely on accurate log data. However, the severity is classified as low. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying if your system is using the loggingredactor Python package version prior to 0.0.6. Specifically, you can check if logs contain type errors related to %d format specifiers due to improper conversion of non-string types to strings. To detect the vulnerable version, you can run the command `pip show loggingredactor` to check the installed version. Additionally, reviewing logs for type errors during logging operations involving integer format specifiers (%d) may indicate the presence of this vulnerability. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade the loggingredactor package to version 0.0.6 or later, where the issue has been patched. There are no known workarounds other than applying this patch. [1]