VDB

ANCHORE-2026-7210

ANCHORE-2026-7210 PUBLISHED

`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.

Affected Products

VendorProductVersions
Python Software FoundationCPython0, 0, 0

Timeline

  • May 11, 2026 CVE Published
  • Jun 10, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›