CVE-2026-7210

Severity CVSS v4.0:
MEDIUM
Type:
CWE-331 Insufficient Entropy
Publication date:
11/05/2026
Last modified:
15/06/2026

Description

`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:python:python:*:*:*:*:*:*:*:* 3.15.0 (excluding)