Description
Logging Redactor is a Python library designed to redact sensitive data in logs based on regex patterns and / or dictionary keys. Prior to version 0.0.6, non-string types are converted into string types, leading to type errors in %d conversions. The problem has been patched in version 0.0.6. No known workarounds are available.
Published: 2026-01-08
Score: 2 Low
EPSS: < 1% Very Low
KEV: No
Impact: Logging type conversion error
Action: Patch
AI Analysis

Impact

LoggingRedactor is a Python library that removes sensitive data from log entries. The bug causes non‑string values to be coerced into strings, which results in type conversion errors when percent‑style format specifiers like %d are used. These errors can break the logging flow, cause crashes, or corrupt log output. The flaw is a type conversion error (CWE‑704) and does not provide direct code execution or data disclosure.

Affected Systems

Armurox LoggingRedactor is affected by all releases prior to version 0.0.6. Versions 0.0.6 and later include the patch.

Risk and Exploitability

The CVSS score of 2 classifies this as low severity. The EPSS value of less than 1% indicates an extremely low likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog. An attacker would need to execute code that calls LoggingRedactor’s logging functions with non‑string values and integer format specifiers to trigger the fault. No public workarounds are known.

Generated by OpenCVE AI on April 18, 2026 at 16:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade armurox LoggingRedactor to version 0.0.6 or newer, which includes the fixed type conversion handling.
  • Examine all code that uses LoggingRedactor’s logging methods and ensure that values supplied to percent‑style format strings are either already strings or safely converted, and avoid using %d or similar specifiers with non‑string data.
  • Run regression or unit tests after the upgrade to confirm that log generation proceeds without type conversion errors and that redaction remains functional.

Generated by OpenCVE AI on April 18, 2026 at 16:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-rvjx-cfjh-5mc9 loggingredactor converts non-string types to string types in logs
History

Mon, 12 Jan 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Armurox
Armurox logging Redactor
CPEs cpe:2.3:a:armurox:logging_redactor:*:*:*:*:*:python:*:*
Vendors & Products Armurox
Armurox logging Redactor
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Thu, 08 Jan 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 08 Jan 2026 15:15:00 +0000

Type Values Removed Values Added
Description Logging Redactor is a Python library designed to redact sensitive data in logs based on regex patterns and / or dictionary keys. Prior to version 0.0.6, non-string types are converted into string types, leading to type errors in %d conversions. The problem has been patched in version 0.0.6. No known workarounds are available.
Title loggingredactor converts non-string types to string types in logs
Weaknesses CWE-704
References
Metrics cvssV4_0

{'score': 2, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Armurox Logging Redactor
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-08T15:54:57.412Z

Reserved: 2026-01-05T22:30:38.720Z

Link: CVE-2026-22041

cve-icon Vulnrichment

Updated: 2026-01-08T15:50:58.712Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-08T15:15:45.300

Modified: 2026-01-12T19:07:50.677

Link: CVE-2026-22041

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T16:45:05Z

Weaknesses