CVE-2026-15308
CVE-2026-15308
8.7
HighPublished:
Last updated:
Source:cna@python.org
Analyzed
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Network
- Attack Complexity
- Low
- Attack Requirements
- None
- Privileges Required
- None
- User Interaction
- None
- Confidentiality (Vulnerable)
- None
- Integrity (Vulnerable)
- None
- Availability (Vulnerable)
- High
- Confidentiality (Subsequent)
- None
- Integrity (Subsequent)
- None
- Availability (Subsequent)
- None
Description
The incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data.
References
cna@python.org
https://github.com/python/cpython/issues/153030cna@python.org
https://github.com/python/cpython/pull/153031cna@python.org
https://mail.python.org/archives/list/security-announce@python.org/thread/F6453LWKSHKCTWFLCOURWPLETNUIW2Z5/af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2026/07/09/4