https://www.cve.org/CVERecord?id=CVE-2026-15308 currently lists all versions before Python 3.15.0 as affected.
-------- Forwarded Message -------- Subject: [Security-announce][CVE-2026-15308] Incremental HTMLParser allows CPU-exhaustion DoS via repeated unterminated markup declarations Date: Thu, 9 Jul 2026 17:08:21 +0000 From: Seth Larson <[email protected]> Reply-To: [email protected] To: [email protected] There is a HIGH severity vulnerability affecting CPython. The incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data. Please see the linked CVE ID for the latest information on affected versions: * https://www.cve.org/CVERecord?id=CVE-2026-15308 * https://github.com/python/cpython/pull/153031 _______________________________________________ Security-announce mailing list -- [email protected] https://mail.python.org/mailman3//lists/security-announce.python.org
