Description
When an Expat parser with a registered ElementDeclHandler parses an inline
document type definition containing a deeply nested content model a C stack
overflow occurs.
Published: 2026-03-16
Score: 6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stack Buffer Overflow
Action: Apply Patch
AI Analysis

Impact

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model, a C stack overflow occurs. This weakness is identified as CWE‑674 and CWE‑805.

Affected Systems

CPython from the Python Software Foundation is affected. No specific version numbers are listed in the provided data, so all releases prior to a fix may be vulnerable.

Risk and Exploitability

The CVSS score of 6 indicates medium severity. No EPSS score is available, and the vulnerability is not listed in CISA’s Known Exploited Vulnerabilities catalog. Based on the description, it is inferred that the attack vector could be local or remote via XML ingestion, requiring the ability to supply an XML document with a deeply nested DTD to the Expat parser.

Generated by OpenCVE AI on March 17, 2026 at 01:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check CPython releases for a patch addressing CVE‑2026‑4224.
  • Upgrade to a CPython version that includes the fix once available.
  • Subscribe to Python Security Advisories to stay informed about patches.

Generated by OpenCVE AI on March 17, 2026 at 01:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Python
Python cpython
Vendors & Products Python
Python cpython

Tue, 17 Mar 2026 00:30:00 +0000

Type Values Removed Values Added
References

Tue, 17 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-805
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Mon, 16 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-674
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Description When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.
Title Stack overflow parsing XML with deeply nested DTD content models
References
Metrics cvssV4_0

{'score': 6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Python Cpython
cve-icon MITRE

Status: PUBLISHED

Assigner: PSF

Published:

Updated: 2026-03-16T23:08:21.692Z

Reserved: 2026-03-15T18:10:54.886Z

Link: CVE-2026-4224

cve-icon Vulnrichment

Updated: 2026-03-16T23:08:21.692Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-16T18:16:10.070

Modified: 2026-03-17T14:20:01.670

Link: CVE-2026-4224

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-16T17:52:26Z

Links: CVE-2026-4224 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:50:04Z

Weaknesses