QwikSec

Security Database

CVE

CWE

Training

CVE-2026-7210

Published: May 11, 2026

Modified: May 11, 2026

PUBLISHED

Description

`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.

Vendor	Product	Versions
Python Software Foundation	CPython	affected `0 - < 3.15.0`

Weaknesses (CWE)

References

https://mail.python.org/archives/list/[email protected]/thread/PNY5OMBDPM2FRUZTWFFPJ6LISWKV627K/

vendor-advisory

https://github.com/python/cpython/pull/149023

patch

https://github.com/python/cpython/issues/149018

issue-tracking

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.