Resource exhaustion in Python Software Foundation Cpython
CVE-2026-15308
The incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data.
Vulnerability class: DoS (Denial of Service)
Affected products
- Python Software Foundation Cpython — versions 0
Weakness classification (CWE)
References
- cna@python.org (issue-tracking)
- cna@python.org (patch)
- cna@python.org (vendor-advisory)
- cna@python.org (patch)
- cna@python.org (patch)
- cna@python.org (patch)
- cna@python.org (patch)
- af854a3a-2127-422b-91ae-364da2661108