« List of all CVEs

CVE-2026-15308

Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations

Published: 7/9/2026 Last updated: 7/9/2026 Reserved: 7/9/2026

The incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data.

CNA assigner: PSF (28c92f92-d60d-412d-b760-e73465c3df22) Requested by: n/a

Metrics

Version Score Severity Vector String
4.0 8.7 High CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Opam packages affected (7)

conf-python-2-7 conf-python-2-7-dev conf-python-3 conf-python-3-7 conf-python-3-dev py termbox

Products affected (1)

Product Vendor Version
CPython Python Software Foundation <= 2.0.0

References (8)

Credits (4)