CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2026-7210 — `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Exp...

·Source: NIST NVD

Updated:

Executive Summary

`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.

Analysis

`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch. CVSS Score: 9.8. Published: 2026-05-11T18:16:42.413.

Indicators of Compromise (1)

CVE (1)
CVE-2026-7210
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on May 11, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityNEW

Aon to modernize how brokers access capital and syndicate risk

Aon plc (NYSE: AON), a leading global professional services firm, today announced plans to launch Aon Digital Placement Exchange (Aon DPX), a new digital trading platform designed to modernize how brokers access capital and syndicate risk.

Finextra
CRITICALVulnerabilityNEW

Exploitation of Critical NGINX Vulnerability Begins

The flaw leads to denial-of-service on default configurations and to remote code execution if ASLR is disabled. The post Exploitation of Critical NGINX Vulnerability Begins appeared first on SecurityWeek .

SecurityWeek
LOWVulnerabilityNEWPOC

Exploit available for new DirtyDecrypt Linux root escalation flaw

A recently patched local privilege escalation vulnerability in the Linux kernel's rxgk module now has a proof-of-concept exploit that allows attackers to gain root access on some Linux systems. [...]

BleepingComputer