Third-Party Package Updates in Python for Scientific Computing - July 2026
Advisory ID: SVD-2026-0701
CVE ID: Multiple
Published: 2026-07-01
Last Update: 2026-07-01
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Python for Scientific Computing version 4.3.2 and higher including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| aiohttp1 | Upgraded aiohttp to version 3.13.4 | Multiple | Medium |
| protobuf2 | Upgraded protobuf to version 6.33.5 | CVE-2026-0994 | High |
| requests3 | Upgraded requests to version 2.33.1 | CVE-2026-25645 | Medium |
| LiteLLM4 | Upgraded LiteLLM to version 1.83.14 | Multiple | Critical |
| urllib35 | Upgraded urllib3 to version 2.7.0 | Multiple | High |
| cryptography6 | Upgraded cryptography to version 46.0.7 | Multiple | Medium |
1 Upgraded aiohttp to version 3.13.4 to remedy CVE-2026-22815, CVE-2026-34513, CVE-2026-34514, CVE-2026-34515, CVE-2026-34516, CVE-2026-34517, CVE-2026-34518, CVE-2026-34519, CVE-2026-34520 and CVE-2026-34525.
2 Upgraded protobuf to version 6.33.5 to remedy CVE-2026-0994.
3 Upgraded requests to version 2.33.1 to remedy CVE-2026-25645.
4 Upgraded LiteLLM to version 1.83.14 to remedy CVE-2026-35030, CVE-2026-35029 and CVE-2026-42271.
5 Upgraded urllib3 to version 2.7.0 to remedy CVE-2026-44431 and CVE-2026-44432.
6 Upgraded cryptography to version 46.0.7 to remedy CVE-2026-34073 and CVE-2026-39892.
Solution
Upgrade Python for Scientific Computing (PSC) to version 4.3.2 or higher.
For Splunk AI Toolkit (AITK), upgrading Python for Scientific Computing (PSC) to version 4.3.2 requires updating AITK to version 5.7.4 or higher. See Upgrade the AI Toolkit and Install the AI Toolkit for more information on the version compatibility.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Python for Scientific Computing (for Linux 64-bit) | 4.3 | 4.3.1 | 4.3.2 |
| Python for Scientific Computing (for Mac Apple Silicon) | 4.3 | 4.3.1 | 4.3.2 |
| Python for Scientific Computing (for Mac Intel) | 4.3 | 4.3.1 | 4.3.2 |
| Python for Scientific Computing (for Windows 64-bit) | 4.3 | 4.3.1 | 4.3.2 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.