๐Ÿ” CVE Alert

CVE-2026-15308

UNKNOWN 0.0

Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

The incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data.

CWE CWE-400
Vendor python software foundation
Product cpython
Published Jul 9, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for python software foundation cpython

Be the first to know when new unknown vulnerabilities affecting python software foundation cpython are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Python Software Foundation / CPython
0 < 3.15.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
mail.python.org: https://mail.python.org/archives/list/[email protected]/thread/F6453LWKSHKCTWFLCOURWPLETNUIW2Z5/ github.com: https://github.com/python/cpython/pull/153031 github.com: https://github.com/python/cpython/issues/153030 github.com: https://github.com/python/cpython/commit/07efb08123ba9367a7107325adb9d5626dca1ca9 github.com: https://github.com/python/cpython/commit/7933f4bf7131aa4140750f9404f5de0aa2969ced github.com: https://github.com/python/cpython/commit/bcf98ddbc40ec9b3ee87da0124a5660b19b7e606 github.com: https://github.com/python/cpython/commit/e9f92ac0b298292e7ff998e52cb8ccacfb27a0bd openwall.com: http://www.openwall.com/lists/oss-security/2026/07/09/4

Credits

๐Ÿ” Edward-x (https://github.com/YLChen-007) Serhiy Storchaka (https://github.com/serhiy-storchaka) Gregory P. Smith (https://github.com/gpshead) Seth Larson (https://github.com/sethmlarson)