cvedb.io
CVE-2026-7210
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2026-05-11T18:16:42.413 · Last modified 2026-06-17T11:02:00.563

Summary

`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.

Fully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.

Affected products

python — python

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.