CVE-2026-4224

Published: Mar 16, 2026

Modified: Apr 8, 2026

PUBLISHED

Description

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.

Vendor	Product	Versions
Python Software Foundation	CPython	affected `0 - < 3.13.13` affected `3.14.0 - < 3.14.4` affected `3.15.0a1 - < 3.15.0a8`

References

https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768

patch

https://mail.python.org/archives/list/[email protected]/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/

vendor-advisory

https://github.com/python/cpython/issues/145986

issue-tracking

https://github.com/python/cpython/pull/145987

patch

https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a

patch

https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3

patch

https://github.com/python/cpython/commit/642865ddf4b232da1f3b1f7abcfa3254c4bfe785

patch

https://github.com/python/cpython/commit/af856a7177326ac25d9f66cc6dd28b554d914fee

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-4224

Description

Affected Products

References