Third-Party Package Updates in Python for Scientific Computing - July 2026

Advisory ID: SVD-2026-0701

CVE ID: Multiple

Published: 2026-07-01

Last Update: 2026-07-01

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in third-party packages in Python for Scientific Computing version 4.3.2 and higher, including the following:

| Package | Remediation | CVE | Severity |
|---|---|---|---|
| aiohttp [1] | Upgraded aiohttp to version 3.13.4 | Multiple | Medium |
| protobuf [2] | Upgraded protobuf to version 6.33.5 | CVE-2026-0994 | High |
| requests [3] | Upgraded requests to version 2.33.1 | CVE-2026-25645 | Medium |
| LiteLLM [4] | Upgraded LiteLLM to version 1.83.14 | Multiple | Critical |
| urllib3 [5] | Upgraded urllib3 to version 2.7.0 | Multiple | High |
| cryptography [6] | Upgraded cryptography to version 46.0.7 | Multiple | Medium |

1 Upgraded aiohttp to version 3.13.4 to remedy CVE-2026-22815, CVE-2026-34513, CVE-2026-34514, CVE-2026-34515, CVE-2026-34516, CVE-2026-34517, CVE-2026-34518, CVE-2026-34519, CVE-2026-34520 and CVE-2026-34525.

2 Upgraded protobuf to version 6.33.5 to remedy CVE-2026-0994.

3 Upgraded requests to version 2.33.1 to remedy CVE-2026-25645.

4 Upgraded LiteLLM to version 1.83.14 to remedy CVE-2026-35030, CVE-2026-35029 and CVE-2026-42271.

5 Upgraded urllib3 to version 2.7.0 to remedy CVE-2026-44431 and CVE-2026-44432.

6 Upgraded cryptography to version 46.0.7 to remedy CVE-2026-34073 and CVE-2026-39892.

Solution

Upgrade Python for Scientific Computing (PSC) to version 4.3.2 or higher.

For Splunk AI Toolkit (AITK), upgrading Python for Scientific Computing (PSC) to version 4.3.2 requires updating AITK to version 5.7.4 or higher. See Upgrade the AI Toolkit and Install the AI Toolkit for more information on the version compatibility.
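To confirm after the upgrade that the bundled packages are at or above the fixed versions in the remediation table, the following added example (not Splunk tooling and not part of the original advisory) audits a package inventory against those versions. It assumes the inventory is supplied as `name==version` lines (as printed by `pip freeze`) or whitespace-separated `name version` rows; how that listing is obtained from a PSC install is left to the operator.

```python
import re
import sys

# Fixed versions copied from the advisory's remediation table.
FIXED = {"aiohttp": "3.13.4", "protobuf": "6.33.5", "requests": "2.33.1",
         "litellm": "1.83.14", "urllib3": "2.7.0", "cryptography": "46.0.7"}
# Constructed sample inventory, not output from a real PSC install.
SAMPLE = ["aiohttp==3.13.4", "protobuf==6.33.4", "requests  2.33.1  py_0",
          "LiteLLM==1.83.14rc1", "urllib3==2.10.0", "# cryptography missing"]

def parse(version):
    """'2.7.0rc1' -> ((2, 7, 0), True); the flag marks a pre-release."""
    m = re.match(r"v?(\d+(?:\.\d+)*)(.*)", version.strip())
    if not m:
        raise ValueError(f"unrecognized version: {version!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    pre = re.match(r"[-_.]?(a|b|c|rc|alpha|beta|pre|dev)", m.group(2), re.I)
    return nums, pre is not None

def is_fixed(installed, fixed):
    """True when installed >= fixed; a pre-release of the fix counts as below."""
    nums, pre = parse(installed)
    floor, _ = parse(fixed)
    pad = max(len(nums), len(floor))  # compare 2.7 and 2.7.0 as equal
    nums, floor = nums + (0,) * (pad - len(nums)), floor + (0,) * (pad - len(floor))
    return nums > floor or (nums == floor and not pre)

def audit(lines):
    """Map each advisory package to (installed_version, status)."""
    seen = {}
    for line in lines:
        parts = re.split(r"\s*==\s*|\s+", line.split("#", 1)[0].strip())
        name = re.sub(r"[-_.]+", "-", parts[0]).lower()  # PEP 503 normalization
        if len(parts) >= 2 and name in FIXED:
            seen[name] = parts[1]
    report = {}
    for name, fixed in FIXED.items():
        have = seen.get(name)
        try:
            ok = have is not None and is_fixed(have, fixed)
            report[name] = (have, "ok" if ok else "below-fix" if have else "absent")
        except ValueError:
            report[name] = (have, "unparsed")
    return report

if __name__ == "__main__":
    lines = SAMPLE if sys.stdin.isatty() else sys.stdin
    for name, (have, status) in audit(lines).items():
        print(f"{name:<13}{have or '-':<13}{status}")
```

Pipe an inventory listing into the script to audit a real environment; run with no piped input, it reports on the constructed sample. Versions are compared numerically, so `2.10.0` ranks above `2.7.0`, and an `absent` or `unparsed` result needs manual follow-up.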

Product Status

| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Python for Scientific Computing (for Linux 64-bit) | 4.3 | 4.3.1 | 4.3.2 |
| Python for Scientific Computing (for Mac Apple Silicon) | 4.3 | 4.3.1 | 4.3.2 |
| Python for Scientific Computing (for Mac Intel) | 4.3 | 4.3.1 | 4.3.2 |
| Python for Scientific Computing (for Windows 64-bit) | 4.3 | 4.3.1 | 4.3.2 |

Severity

For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.