CVE Vulnerabilities

CVE-2026-15308

Uncontrolled Resource Consumption

Published: Jul 09, 2026 | Modified: Jul 10, 2026
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

The incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data.

Weakness

The product does not properly control the allocation and maintenance of a limited resource.

Affected Software

NameVendorStart VersionEnd Version
PythonPython*3.15.0 (excluding)
Red Hat Hardened ImagesRedHatpython3-14-main-3.14.6-1.3.hum1*
Red Hat Hardened ImagesRedHatpython3-13-main-3.13.14-1.3.hum1*
Red Hat Hardened ImagesRedHatpython3-12-main-3.12.13-3.5.hum1*
Red Hat Hardened ImagesRedHatpython3-11-main-3.11.15-5.2.hum1*

Potential Mitigations

  • Mitigation of resource exhaustion attacks requires that the target system either:

  • The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.

  • The second solution is simply difficult to effectively institute – and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.

References