PT-2026-39722 · Python+1 · Python+1
Stan Ulbrych
·
Published
2026-05-11
·
Updated
2026-07-02
·
CVE-2026-7210
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Python (affected versions not specified)
Description
The
xml.parsers.expat and xml.etree.ElementTree modules use insufficient entropy for Expat hash-flooding protection. This allows a specially crafted XML document to trigger hash flooding, a condition where many keys are mapped to the same hash bucket, significantly slowing down processing.Recommendations
Update libexpat to version 2.8.0 or later and apply the available software patch.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Python
Libexpat