9.0.0

Last update: 08/05/2026

twisted

Event-driven networking engine written in Python.

Version: 9.0.0

Safety score

-140

Check your open source dependency risks. Get immediate insight about security, stability and licensing risks.

De-risk your app now

Security Risks of Known Vulnerabilities

CVE-2026-42304
CWE-400
Threat level: HIGH | CVSS score: 8

The twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasses previous loop-prevention logic, causing the single-threaded Twisted reactor to hang while processing millions of recursive lookups, effectively freezing the server.

Threat level: MEDIUM | CVSS score: 5

Twisted Web is vulnerable to request smuggling attacks:

Please note that this component is affected by 11 other vulnerabilities
2 Critical | 2 High | 7 Medium | 0 Low | 2 Suggest

Latest safe major: 26.4.0rc2 Scan your application codebase with Meterian to see all known vulnerabilities in your open source software dependencies.

Stability

Stay updated with the latest patches and releases. Plan your sofware desisgn. Avoid common known vulnerabilities fixed by the open source community

Latest patch release: --

Latest minor release: --

Latest major release: 26.4.0rc2

Licensing

Maintain your licence declarations and avoid unwanted licences to protect your IP the way you intended.

MIT - MIT License

Not a wildcard

Not proprietary

OSI Compliant