CVE-2026-9669 is a stack buffer overflow vulnerability in Python’s bz2.BZ2Decompressor, triggered when the decompressor object is reused after encountering an error state. This can lead to memory corruption, and in a cloud context, could be exploited by an attacker supplying crafted compressed data to a vulnerable application running on Azure. The risk is elevated wherever Python workloads process untrusted bz2-compressed input.

Security Architect’s Take: Audit Azure-hosted Python workloads that use the bz2 module — particularly any that reuse BZ2Decompressor instances across multiple decompression operations or after error conditions — and apply available patches or restrict input sources. Consider enforcing input validation and sandboxing for services that decompress user-supplied data.

Original advisory: CVE-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow