CVE-2026-7210
ADVISORY - nistSummary
xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.
Common Weakness Enumeration (CWE)
ADVISORY - nist
Insufficient Entropy
Docker
CREATED
UPDATED
ADVISORY ID
CVE-2026-7210
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| python | dhi | - | - | >=0 | Not yet available |
| alpine/python-3.10 | apk | alpine | 3.23 | >=0 | Not yet available |
| alpine/python-3.11 | apk | alpine | 3.23 | >=0 | Not yet available |
| alpine/python-3.12 | apk | alpine | 3.23 | >=0 | Not yet available |
| alpine/python-3.13 | apk | alpine | 3.23 | >=0 | Not yet available |
| alpine/python-3.14 | apk | alpine | 3.23 | >=0 | Not yet available |
Severity and metrics
No CVSS data available from this advisory.
NIST
CREATED
UPDATED
ADVISORY IDCVE-2026-7210
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.3mediumUbuntu
CREATED
UPDATED
ADVISORY IDCVE-2026-7210
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-