high advisory

Memory Exhaustion Vulnerability in Widely Used Python Library

A memory exhaustion vulnerability (CVE-2026-33155) exists in a widely used Python library and affects services such as SageMaker, DataHub, and acryl-datahub. It results from an incomplete patch for CVE-2025-58367 and requires pinning to version 8.6.2.

A critical memory exhaustion vulnerability, identified as CVE-2026-33155, has been discovered in a widely used Python library downloaded approximately 29 million times per month. This vulnerability poses a significant threat to services that rely on the affected library, including Amazon SageMaker, DataHub, and acryl-datahub. The issue stems from an incomplete patch for a previous vulnerability, CVE-2025-58367, related to restricted unpickling. Organizations that applied the initial patch may…

Detection coverage (2)

Detect Suspicious Pickled Data

medium

Detects network traffic containing potentially malicious pickled data, which could be used to exploit memory exhaustion vulnerabilities.

sigma; tactics: resource_development; techniques: T1588.006; sources: network_connection, windows

Detect Exceeded Memory Quota

high

Detects when a process exceeds its allocated memory quota, potentially indicating a memory exhaustion attack.

sigma; tactics: availability; techniques: T1499.001; sources: process_creation, windows
