Resource exhaustion in Python Software Foundation Cpython

CVE-2026-15308

The incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data.

Vulnerability class: DoS (Denial of Service)

Affected products

Weakness classification (CWE)

References