CVE-2026-4224
ADVISORY - nistSummary
When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.
EPSS Score: 0.00621 (0.455)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Uncontrolled Recursion
ADVISORY - redhat
Buffer Access with Incorrect Length Value
Docker
CREATED
UPDATED
ADVISORY ID
CVE-2026-4224
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| python | dhi | - | - | <3.13.13 | 3.13.13 |
| alpine/python-3.10 | apk | alpine | 3.23 | <3.13.13 | 3.13.13 |
| alpine/python-3.10 | apk | alpine | 3.23 | >=3.14.0-alpha1,<3.14.4 | 3.14.4 |
| alpine/python-3.10 | apk | alpine | 3.23 | >=3.15.0-alpha1,<3.15.0-alpha8 | 3.15.0-alpha8 |
| alpine/python-3.11 | apk | alpine | 3.23 | <3.13.13 | 3.13.13 |
| alpine/python-3.11 | apk | alpine | 3.23 | >=3.14.0-alpha1,<3.14.4 | 3.14.4 |
| alpine/python-3.11 | apk | alpine | 3.23 | >=3.15.0-alpha1,<3.15.0-alpha8 | 3.15.0-alpha8 |
| alpine/python-3.12 | apk | alpine | 3.23 | <3.13.13 | 3.13.13 |
| alpine/python-3.12 | apk | alpine | 3.23 | >=3.14.0-alpha1,<3.14.4 | 3.14.4 |
| alpine/python-3.12 | apk | alpine | 3.23 | >=3.15.0-alpha1,<3.15.0-alpha8 | 3.15.0-alpha8 |
| alpine/python-3.13 | apk | alpine | 3.23 | <3.13.13 | 3.13.13 |
| alpine/python-3.13 | apk | alpine | 3.23 | >=3.14.0-alpha1,<3.14.4 | 3.14.4 |
| alpine/python-3.13 | apk | alpine | 3.23 | >=3.15.0-alpha1,<3.15.0-alpha8 | 3.15.0-alpha8 |
| alpine/python-3.14 | apk | alpine | 3.23 | <3.13.13 | 3.13.13 |
| alpine/python-3.14 | apk | alpine | 3.23 | >=3.14.0-alpha1,<3.14.4 | 3.14.4 |
| alpine/python-3.14 | apk | alpine | 3.23 | >=3.15.0-alpha1,<3.15.0-alpha8 | 3.15.0-alpha8 |
| debian/python-3.10 | deb | debian | 13 | <3.13.13 | 3.13.13 |
| debian/python-3.10 | deb | debian | 13 | >=3.14.0-alpha1,<3.14.4 | 3.14.4 |
| debian/python-3.10 | deb | debian | 13 | >=3.15.0-alpha1,<3.15.0-alpha8 | 3.15.0-alpha8 |
| debian/python-3.11 | deb | debian | 13 | <3.13.13 | 3.13.13 |
| debian/python-3.11 | deb | debian | 13 | >=3.14.0-alpha1,<3.14.4 | 3.14.4 |
| debian/python-3.11 | deb | debian | 13 | >=3.15.0-alpha1,<3.15.0-alpha8 | 3.15.0-alpha8 |
| debian/python-3.12 | deb | debian | 13 | <3.13.13 | 3.13.13 |
| debian/python-3.12 | deb | debian | 13 | >=3.14.0-alpha1,<3.14.4 | 3.14.4 |
| debian/python-3.12 | deb | debian | 13 | >=3.15.0-alpha1,<3.15.0-alpha8 | 3.15.0-alpha8 |
| debian/python-3.13 | deb | debian | 13 | <3.13.13 | 3.13.13 |
| debian/python-3.13 | deb | debian | 13 | >=3.14.0-alpha1,<3.14.4 | 3.14.4 |
| debian/python-3.13 | deb | debian | 13 | >=3.15.0-alpha1,<3.15.0-alpha8 | 3.15.0-alpha8 |
| debian/python-3.14 | deb | debian | 13 | <3.13.13 | 3.13.13 |
| debian/python-3.14 | deb | debian | 13 | >=3.14.0-alpha1,<3.14.4 | 3.14.4 |
| debian/python-3.14 | deb | debian | 13 | >=3.15.0-alpha1,<3.15.0-alpha8 | 3.15.0-alpha8 |
| python | dhi | - | - | >=3.14.0-alpha1,<3.14.4 | 3.14.4 |
| python | dhi | - | - | >=3.15.0-alpha1,<3.15.0-alpha8 | 3.15.0-alpha8 |
Severity and metrics
No CVSS data available from this advisory.
NIST
CREATED
UPDATED
ADVISORY IDCVE-2026-4224
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6mediumAlpine
CREATED
UPDATED
ADVISORY IDCVE-2026-4224
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Debian
CREATED
UPDATED
ADVISORY IDCVE-2026-4224
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AlowUbuntu
CREATED
UPDATED
ADVISORY IDCVE-2026-4224
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
7.5mediumAlma
CREATED
UPDATED
ADVISORY IDALSA-2026:10950
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AhighAlma
CREATED
UPDATED
ADVISORY IDALSA-2026:19176
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AhighAlma
CREATED
UPDATED
ADVISORY IDALSA-2026:19177
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AhighAmazon
CREATED
UPDATED
ADVISORY IDALAS2-2026-3217
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumAmazon
CREATED
UPDATED
ADVISORY IDALAS2-2026-3218
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumAmazon
CREATED
UPDATED
ADVISORY IDALAS2023-2026-1583
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AhighAmazon
CREATED
UPDATED
ADVISORY IDALAS2023-2026-1600
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumAmazon
CREATED
UPDATED
ADVISORY IDALAS2023-2026-1617
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AhighAmazon
CREATED
UPDATED
ADVISORY IDALAS2023-2026-1619
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AhighAmazon
CREATED
UPDATED
ADVISORY IDALAS2023-2026-1620
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AhighBitnami
CREATED
UPDATED
ADVISORY ID
BIT-libpython-2026-4224
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
6mediumBitnami
CREATED
UPDATED
ADVISORY ID
BIT-python-2026-4224
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
6mediumBitnami
CREATED
UPDATED
ADVISORY ID
BIT-python-min-2026-4224
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
6mediumRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2026-4224
EXPLOITABILITY SCORE
2.2
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
5.9mediumRocky
CREATED
UPDATED
ADVISORY IDRLSA-2026:10950
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AhighRocky
CREATED
UPDATED
ADVISORY IDRLSA-2026:19019
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AhighRocky
CREATED
UPDATED
ADVISORY IDRLSA-2026:19064
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AhighRocky
CREATED
UPDATED
ADVISORY IDRLSA-2026:19176
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AhighRocky
CREATED
UPDATED
ADVISORY IDRLSA-2026:19177
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AhighOracle
CREATED
UPDATED
ADVISORY IDELSA-2026-10950
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AhighOracle
CREATED
UPDATED
ADVISORY IDELSA-2026-19176
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AhighOracle
CREATED
UPDATED
ADVISORY IDELSA-2026-19177
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AhighChainguard
CREATED
UPDATED
ADVISORY ID
CGA-pc6g-f7g9-qmgw
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Photon
CREATED
UPDATED
ADVISORY ID
CVE-2026-4224
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
7.5highminimos
CREATED
UPDATED
ADVISORY ID
MINI-53h7-9mwx-5cvh
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-57m4-ch2q-7q76
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-c4g9-p3xf-8gpq
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-g56x-qqhr-j2wr
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-vmcj-5q2w-f625
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-