wid-sec-w-2026-0741 · Published 2026-03-16 · View on BSI CERT-Bund ↗

CPython: Multiple Vulnerabilities allow Manipulation from Dateien and DoS

CVSS 6.0 MEDIUM

Risk Summary

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.

CVEs (2)

CVE-2026-3644 CVE-2026-4224

Affected Vendors

Amazon Fedora Open Source SUSE

Affected Products (2)

Open Source · Python <3.15.0

Open Source · Python 3.15.0

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more