CVE-2026-15308

PUBLISHED
Published: 09 Jul 2026, 17:10
Last modified:09 Jul 2026, 17:31

Vulnerability Summary

Overall Risk (default)
high
70/100
CVSS Score
10 CRITICAL
v4.0 (cve.org)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

09 Jul 2026, 17:10
Published
Vulnerability first disclosed
09 Jul 2026, 17:31
Last Modified
Vulnerability information updated

Description

The incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data.

CVSS Metrics

  • v4.0CRITICALScore: 10CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Techniques & Countermeasures

  • CWE-400Uncontrolled Resource Consumption

    The product does not properly control the allocation and maintenance of a limited resource.

Affected Systems

  • python software foundationcpython

    < 3.15.0

References (7)