PT-2026-39722 · Python+1 · Python+1

Stan Ulbrych

·

Published

2026-05-11

·

Updated

2026-07-02

·

CVE-2026-7210

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Python (affected versions not specified)
Description The xml.parsers.expat and xml.etree.ElementTree modules use insufficient entropy for Expat hash-flooding protection. This allows a specially crafted XML document to trigger hash flooding, a condition where many keys are mapped to the same hash bucket, significantly slowing down processing.
Recommendations Update libexpat to version 2.8.0 or later and apply the available software patch.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BIT-LIBPYTHON-2026-7210
BIT-PYTHON-2026-7210
BIT-PYTHON-MIN-2026-7210
CVE-2026-7210
ECHO-63FC-2F8A-5391
OPENSUSE-SU-2026:11101-1
OPENSUSE-SU-2026:11181-1
PSF-2026-23

Affected Products

Python
Libexpat