Dynaconf vulnerability
Published: Wed, 06 May 2026 09:06
Summary
Dynaconf could be made to execute arbitrary code.
Details
It was discovered that Dynaconf was incorrectly handling template evaluation in its string resolvers. A remote attacker could possibly use this issue to execute arbitrary code.
Recommended actions per Ubuntu release
StackPatch playbook auto-generated per release codename and per affected package.
Ubuntu jammy
python-dynaconf→3.1.7-1ubuntu0.1~esm1apt_upgrade_esmFixed at 3.1.7-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y python-dynaconf=3.1.7-1ubuntu0.1~esm1
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
python3-dynaconf→3.1.7-1ubuntu0.1~esm1apt_upgrade_esmFixed at 3.1.7-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y python3-dynaconf=3.1.7-1ubuntu0.1~esm1
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
Ubuntu noble
python-dynaconf→3.1.7-2ubuntu0.24.04.1apt_upgradeStandard apt upgrade. Install 3.1.7-2ubuntu0.24.04.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y python-dynaconf
Most apt upgrades restart their service automatically. needrestart lists anything else.
python3-dynaconf→3.1.7-2ubuntu0.24.04.1apt_upgradeStandard apt upgrade. Install 3.1.7-2ubuntu0.24.04.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y python3-dynaconf
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu questing
python-dynaconf→3.1.7-2ubuntu0.25.10.1apt_upgradeStandard apt upgrade. Install 3.1.7-2ubuntu0.25.10.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y python-dynaconf
Most apt upgrades restart their service automatically. needrestart lists anything else.
python3-dynaconf→3.1.7-2ubuntu0.25.10.1apt_upgradeStandard apt upgrade. Install 3.1.7-2ubuntu0.25.10.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y python3-dynaconf
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu resolute
python-dynaconf→3.2.12-1ubuntu0.1~esm1apt_upgrade_esmFixed at 3.2.12-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y python-dynaconf=3.2.12-1ubuntu0.1~esm1
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
python3-dynaconf→3.2.12-1ubuntu0.1~esm1apt_upgrade_esmFixed at 3.2.12-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y python3-dynaconf=3.2.12-1ubuntu0.1~esm1
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
Are YOU affected by USN-8231-1?
5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8231-1 (and any other live CVE) applies. Anonymous, no signup.
curl https://mindsparkstack.com/scan.sh | bash
StackPatch runs this match against YOUR installed packages every hour
Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.