Bug 2448181 (CVE-2026-4224)

Summary: CVE-2026-4224 cpython: Stack overflow parsing XML with deeply nested DTD content models
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: bbrownin, dfreiber, drow, jburrell, ljawale, luizcosta, nweather, rbobbitt, teagle, vkumar
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2448203, 2448209, 2448210, 2448201, 2448202, 2448204, 2448205, 2448206, 2448207, 2448208    
Bug Blocks:    

Description OSIDB Bzimport 2026-03-16 19:02:18 UTC 
When an Expat parser with a registered ElementDeclHandler parses an inline
document type definition containing a deeply nested content model a C stack
overflow occurs.
Comment 5 errata-xmlrpc 2026-04-27 14:54:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:10950 https://access.redhat.com/errata/RHSA-2026:10950
Comment 6 errata-xmlrpc 2026-05-19 13:02:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19019 https://access.redhat.com/errata/RHSA-2026:19019
Comment 7 errata-xmlrpc 2026-05-19 13:07:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19064 https://access.redhat.com/errata/RHSA-2026:19064
Comment 8 errata-xmlrpc 2026-05-19 17:59:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:19176 https://access.redhat.com/errata/RHSA-2026:19176
Comment 9 errata-xmlrpc 2026-05-19 17:59:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:19177 https://access.redhat.com/errata/RHSA-2026:19177