CVE-2026-15308

Published: July 10, 2026Last modified: July 11, 2026

Description

The incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data.

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSpython3Vulnerable (3.11.3-r0)
25 LTSpython3Fixed (3.12.13-r6)
Streampython3Fixed (3.14.5-r5)
Hardened Containers23 LTSpython3Vulnerable (3.11.3-r0)
25 LTSpython3Fixed (3.12.13-r6)
Streampython3Fixed (3.14.5-r5)

References

ON THIS PAGE