NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-7210

Summary	`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.
Publication Date	May 12, 2026, 3:16 a.m.
Registration Date	May 12, 2026, 4:15 a.m.
Last Update	May 12, 2026, 3:16 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/python/cpython/issues/149018	cna@python.org
2	https://github.com/python/cpython/pull/149023	cna@python.org
3	https://mail.python.org/archives/list/security-announce@python.org/thread/PNY5OMBDPM2FRUZTWFFPJ6LISWKV627K/	cna@python.org

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-331	エントロピー不足	https://cwe.mitre.org/data/definitions/331.html