[CVE-2026-4224] Stack overflow parsing XML with deeply nested DTD content models
March 16, 2026
5:46 p.m.
There is a HIGH severity vulnerability affecting CPython.
When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.
Please see the linked CVE ID for the latest information on affected versions:
55
Age (days ago)
55
Last active (days ago)
0 comments
1 participants
participants (1)
-
Stan Ulbrych