CVE-2026-4224
Public on 2026-03-16
Modified on 2026-03-18
Description
When an Expat parser with a registered ElementDeclHandler parses an inline
document type definition containing a deeply nested content model a C stack
overflow occurs.
document type definition containing a deeply nested content model a C stack
overflow occurs.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | python | 2026-04-01 | ALAS2-2026-3218 | Fixed |
| Amazon Linux 2 - Core | python3 | 2026-04-01 | ALAS2-2026-3217 | Fixed |
| Amazon Linux 2023 | python3.11 | 2026-04-30 | ALAS2023-2026-1620 | Fixed |
| Amazon Linux 2023 | python3.12 | 2026-04-30 | ALAS2023-2026-1619 | Fixed |
| Amazon Linux 2023 | python3.13 | 2026-04-30 | ALAS2023-2026-1600 | Fixed |
| Amazon Linux 2023 | python3.14 | 2026-04-30 | ALAS2023-2026-1617 | Fixed |
| Amazon Linux 2023 | python3.9 | 2026-04-13 | ALAS2023-2026-1583 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |