CVE-2026-7210

ADVISORY - nist

Summary

xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.

EPSS Score⁠: 0.0079 (0.515)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-331⁠

Insufficient Entropy

Impacted images

Advisories

Docker

CREATED

1 month ago

UPDATED

9 days ago

ADVISORY ID

CVE-2026-7210

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
python	dhi	-	-	<3.13.14	3.13.14
alpine/python-3.10	apk	alpine	3.23	<3.13.14	3.13.14
alpine/python-3.10	apk	alpine	3.23	>=3.14.0-alpha1,<3.14.6	3.14.6
alpine/python-3.10	apk	alpine	3.23	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
alpine/python-3.11	apk	alpine	3.23	<3.13.14	3.13.14
alpine/python-3.11	apk	alpine	3.23	>=3.14.0-alpha1,<3.14.6	3.14.6
alpine/python-3.11	apk	alpine	3.23	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
alpine/python-3.12	apk	alpine	3.23	<3.13.14	3.13.14
alpine/python-3.12	apk	alpine	3.23	>=3.14.0-alpha1,<3.14.6	3.14.6
alpine/python-3.12	apk	alpine	3.23	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
alpine/python-3.13	apk	alpine	3.23	<3.13.14	3.13.14
alpine/python-3.13	apk	alpine	3.23	>=3.14.0-alpha1,<3.14.6	3.14.6
alpine/python-3.13	apk	alpine	3.23	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
alpine/python-3.14	apk	alpine	3.23	<3.13.14	3.13.14
alpine/python-3.14	apk	alpine	3.23	>=3.14.0-alpha1,<3.14.6	3.14.6
alpine/python-3.14	apk	alpine	3.23	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
debian/python-3.10	deb	debian	13	<3.13.14	3.13.14
debian/python-3.10	deb	debian	13	>=3.14.0-alpha1,<3.14.6	3.14.6
debian/python-3.10	deb	debian	13	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
debian/python-3.11	deb	debian	13	<3.13.14	3.13.14
debian/python-3.11	deb	debian	13	>=3.14.0-alpha1,<3.14.6	3.14.6
debian/python-3.11	deb	debian	13	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
debian/python-3.12	deb	debian	13	<3.13.14	3.13.14
debian/python-3.12	deb	debian	13	>=3.14.0-alpha1,<3.14.6	3.14.6
debian/python-3.12	deb	debian	13	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
debian/python-3.13	deb	debian	13	<3.13.14	3.13.14
debian/python-3.13	deb	debian	13	>=3.14.0-alpha1,<3.14.6	3.14.6
debian/python-3.13	deb	debian	13	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
debian/python-3.14	deb	debian	13	<3.13.14	3.13.14
debian/python-3.14	deb	debian	13	>=3.14.0-alpha1,<3.14.6	3.14.6
debian/python-3.14	deb	debian	13	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
python	dhi	-	-	>=3.14.0-alpha1,<3.14.6	3.14.6
python	dhi	-	-	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

1 month ago

UPDATED

4 days ago

ADVISORY IDCVE-2026-7210⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-331⁠

CVSS SCORE

6.3medium

Debian

CREATED

1 month ago

UPDATED

3 days ago

ADVISORY IDCVE-2026-7210⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

1 month ago

UPDATED

3 days ago

ADVISORY IDCVE-2026-7210⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5medium

Amazon

CREATED

11 days ago

UPDATED

11 days ago

ADVISORY IDALAS2023-2026-1774⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Bitnami

CREATED

14 days ago

UPDATED

1 day ago

ADVISORY ID

BIT-libpython-2026-7210

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.3medium

Bitnami

CREATED

14 days ago

UPDATED

1 day ago

ADVISORY ID

BIT-python-2026-7210

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.3medium

Bitnami

CREATED

14 days ago

UPDATED

1 day ago

ADVISORY ID

BIT-python-min-2026-7210

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.3medium

Chainguard

CREATED

2 days ago

UPDATED

2 days ago

ADVISORY ID

CGA-4p82-rx99-f2mg

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Photon

CREATED

1 day ago

UPDATED

1 day ago

ADVISORY ID

CVE-2026-7210

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5high

minimos

CREATED

15 days ago

UPDATED

15 days ago

ADVISORY ID

MINI-38m8-ccm9-6cff

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

23 hours ago

UPDATED

23 hours ago

ADVISORY ID

MINI-3jm4-x46w-pwh7

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

15 days ago

UPDATED

15 days ago

ADVISORY ID

MINI-jm8j-3j39-x6vj

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

15 days ago

UPDATED

15 days ago

ADVISORY ID

MINI-pqp6-xp34-p3mw

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

15 days ago

UPDATED

15 days ago

ADVISORY ID

MINI-wvjr-8g2f-8rw6

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY