CVE-2026-4224

NONECVSS 0.0

0.0

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.

CVSS v3: —
EG Score: 0.0(none)
EPSS: 15.8%
KEV: Not listed

Published

March 16, 2026

Last Modified

April 8, 2026

References (9)

cna@pythonhttps://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a
cna@pythonhttps://github.com/python/cpython/commit/642865ddf4b232da1f3b1f7abcfa3254c4bfe785
cna@pythonhttps://github.com/python/cpython/commit/af856a7177326ac25d9f66cc6dd28b554d914fee
cna@pythonhttps://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3
cna@pythonhttps://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768
cna@pythonhttps://github.com/python/cpython/issues/145986
cna@pythonhttps://github.com/python/cpython/pull/145987
cna@pythonhttps://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2026/03/16/4

Vendor Advisories for CVE-2026-4224(9)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Patch Availability(9)

Vendor / Ecosystem	Fixed in / Patch	Released	Source
redhat	python3.12-0:3.12.13-2.el10_2	2026-05-19	redhat
redhat	python3.12-0:3.12.13-2.el9_8	2026-05-19	redhat
redhat	python3.14-0:3.14.4-2.el9_8	2026-05-19	redhat
redhat	python3.14-0:3.14.4-2.el10_2	2026-05-19	redhat
redhat	python3.12-0:3.12.13-2.el8_10	2026-04-27	redhat
redhat	python3-11-main-3.11.15-4.hum1	2026-04-17	redhat
redhat	python3-12-main-3.12.13-3.hum1	2026-04-17	redhat
redhat	python3-14-main-3.14.4-1.hum1	2026-04-11	redhat
redhat	python3-13-main-3.13.13-1.hum1	2026-04-10	redhat

Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.

Additional Vendor Advisories

(2)

Vendors that published advisories for this CVE beyond the curated set above. Broader coverage but minimal per-row detail — click through for the original advisory.

Data Freshness Timeline

(refreshed 12× in last 7d / 20× in last 30d)

Every time one of our enrichment pipelines (NVD, MITRE cvelistV5, EPSS, CISA KEV, GHSA, OSV, vendor advisories) ran against this CVE. Most recent first.

2026-06-02 20:13 UTCepss_batch
2026-06-01 13:52 UTCepss_batch
2026-06-01 13:52 UTCepss_batch
2026-06-01 08:43 UTCOSV refresh
2026-05-31 22:30 UTCepss_batch
2026-05-31 22:30 UTCepss_batch
2026-05-31 00:16 UTCepss_batch
2026-05-31 00:16 UTCepss_batch
2026-05-29 13:44 UTCepss_batch
2026-05-29 13:44 UTCepss_batch
2026-05-28 13:44 UTCepss_batch
2026-05-28 13:44 UTCepss_batch
2026-05-27 13:40 UTCepss_batch
2026-05-27 13:40 UTCepss_batch
2026-05-26 13:44 UTCepss_batch
2026-05-26 07:18 UTCepss_batch
2026-05-21 22:43 UTCepss_batch
2026-05-20 22:38 UTCepss_batch
2026-05-20 21:03 UTCEG score recompute
2026-05-20 21:03 UTCVendor advisory

Frequently asked(4)

What is CVE-2026-4224?

CVE-2026-4224 is a none vulnerability published on March 16, 2026. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.

When was CVE-2026-4224 disclosed?

CVE-2026-4224 was first published in the National Vulnerability Database on March 16, 2026, with the most recent update on April 8, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Is CVE-2026-4224 actively exploited?

CVE-2026-4224 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 15.8% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.

How do I remediate CVE-2026-4224?

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-4224, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2026-4224

Explore →

Is Your Infrastructure Affected by CVE-2026-4224?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2026-4224

📅 Published

🔄 Last Modified

🔗 References (9)

📣 Vendor Advisories for CVE-2026-4224(9)