CVE-2026-15308

HIGH

Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations

Title source: cna
STIX 2.1

Description

The incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data.

Scores

CVSS v3 7.5
EPSS 0.0055
EPSS Percentile 42.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-400
Status published
Products (2)
python/python < 3.15.0
Python Software Foundation/CPython < 3.15.0
Published Jul 09, 2026
Tracked Since Jul 09, 2026