There is a MEDIUM severity vulnerability affecting CPython. `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.
Fully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.

Please see the linked CVE ID for the latest information on affected versions:

* https://www.cve.org/CVERecord?id=CVE-2026-7210
* https://github.com/python/cpython/pull/149023

Best regards,
Stan Ulbrych.
