python · picnixz · Jun 8, 2025 · Jun 6, 2025 · Jun 8, 2025 · Jun 8, 2025
diff --git a/Doc/library/uuid.rst b/Doc/library/uuid.rst
@@ -257,6 +257,10 @@ The :mod:`uuid` module defines the following functions:
    non-specified arguments are substituted for a pseudo-random integer of
    appropriate size.
 
+   By default, *a*, *b* and *c* are generated by a non-cryptographically
+   secure pseudo-random number generator (CSPRNG). Use :func:`uuid4` when
+   a UUID needs to be used in a security-sensitive context.
+
    .. versionadded:: 3.14
 
 

diff --git a/Lib/uuid.py b/Lib/uuid.py
@@ -666,8 +666,7 @@ def _random_getnode():
     # counting from 1 being the least significant bit, or 1<<40.
     #
     # See https://en.wikipedia.org/w/index.php?title=MAC_address&oldid=1128764812#Universal_vs._local_(U/L_bit)
-    import random
-    return random.getrandbits(48) | (1 << 40)
+    return int.from_bytes(os.urandom(6)) | (1 << 40)
 
 
 # _OS_GETTERS, when known, are targeted for a specific OS or platform.

diff --git a/Misc/NEWS.d/next/Library/2025-06-08-10-22-22.gh-issue-135244.Y2SOTJ.rst b/Misc/NEWS.d/next/Library/2025-06-08-10-22-22.gh-issue-135244.Y2SOTJ.rst
@@ -0,0 +1,4 @@
+:mod:`uuid`: when the MAC address cannot be determined, the 48-bit node
+ID is now generated with a cryptographically-secure pseudo-random number
+generator (CSPRNG) as per :rfc:`RFC 9562, §6.10 <9562#section-6.10>`.
+This affects :func:`~uuid.uuid1` and :func:`~uuid.uuid6`.