https://www.cve.org/CVERecord?id=CVE-2026-15308 currently lists all
versions before Python 3.15.0 as affected.


-------- Forwarded Message --------
Subject:        [Security-announce][CVE-2026-15308] Incremental HTMLParser 
allows CPU-exhaustion DoS via repeated unterminated markup declarations
Date:   Thu, 9 Jul 2026 17:08:21 +0000
From:   Seth Larson <[email protected]>
Reply-To:       [email protected]
To:     [email protected]



There is a HIGH severity vulnerability affecting CPython.

The incremental HTML parser (html.parser.HTMLParser) allows for CPU 
denial-of-service through repeated unterminated markup declarations when 
processing uncontrolled data.

Please see the linked CVE ID for the latest information on affected versions:

* https://www.cve.org/CVERecord?id=CVE-2026-15308
* https://github.com/python/cpython/pull/153031

_______________________________________________
Security-announce mailing list -- [email protected]
https://mail.python.org/mailman3//lists/security-announce.python.org

Reply via email to