oss-sec mailing list archives
[oss-security][CVE-2026-15308] Incremental HTMLParser allows CPU-exhaustion DoS via repeated unterminated markup declarations
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Thu, 9 Jul 2026 10:40:24 -0700
https://www.cve.org/CVERecord?id=CVE-2026-15308 currently lists all versions before Python 3.15.0 as affected. -------- Forwarded Message -------- Subject: [Security-announce][CVE-2026-15308] Incremental HTMLParser allows CPU-exhaustion DoS via repeated unterminated markup declarations Date: Thu, 9 Jul 2026 17:08:21 +0000 From: Seth Larson <seth () python org> Reply-To: security-sig () python org To: security-announce () python org There is a HIGH severity vulnerability affecting CPython. The incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data. Please see the linked CVE ID for the latest information on affected versions: * https://www.cve.org/CVERecord?id=CVE-2026-15308 * https://github.com/python/cpython/pull/153031 _______________________________________________ Security-announce mailing list -- security-announce () python org https://mail.python.org/mailman3//lists/security-announce.python.org
Current thread:
- [oss-security][CVE-2026-15308] Incremental HTMLParser allows CPU-exhaustion DoS via repeated unterminated markup declarations Alan Coopersmith (Jul 09)
