CVE-2026-4224

Stack overflow parsing XML with deeply nested DTD content models

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model, a C stack overflow occurs.


We have discovered 487 live websites that are affected by CVE-2026-4224.





Affected Software

Product                    CPython
Category                   Programming Languages
Vulnerable Domains         487 live websites (100% of CPython install base)
Vulnerable Versions
  • from 0 through 3.15
Vulnerable Versions Count  74 versions (100% of all versions)



Details

  • Published - Mar 16, 2026
  • Updated - Mar 16, 2026

Credits

  • Gil Portnoy (reporter)
  • Stan Ulbrych (remediation developer)
  • Bénédikt Tran (remediation reviewer)
  • Stan Ulbrych (coordinator)

Website Distribution by Country

Number of websites affected by CVE-2026-4224

United States  163 websites
Germany        58 websites
Singapore      28 websites
India          21 websites
France         19 websites
Russia         19 websites
China          13 websites
Brazil         11 websites
GB             11 websites
Australia      10 websites

Website Distribution by TLD

Number of websites affected by CVE-2026-4224

.com  170 websites
.org  50 websites
.dk   25 websites
.de   20 websites
.net  18 websites
.edu  10 websites
.nl   9 websites
.fr   8 websites
.ru   8 websites
.ch   7 websites


Websites affected by CVE-2026-4224

Top websites that are affected by CVE-2026-4224.

FAQ

A total of 487 websites have been identified as vulnerable to CVE-2026-4224, based on global website indexing conducted by WebTechSurvey.
CPython is affected by the CVE-2026-4224 vulnerability.
CPython versions up to 3.15 are vulnerable to CVE-2026-4224.
CVE-2026-4224 is resolved in version 3.15 of CPython.