CVE-2026-7210: The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection

Overview

Severity

N/A

Exploit Status

Not Exploited

Patch Tuesday

2026-May

Released

2026-05-15

Last Updated

2026-06-28

EPSS Score

0.79% (percentile: 51.7%)

Affected Products (5)

Open Source Software

• azl3 python3 3.12.9-10 on Azure Linux 3.0
• azl3 expat 2.6.4-6 on Azure Linux 3.0

Other

• 21379-17084
• 21492-17084
• 21021-17084

Revision History

• 2026-05-15: Information published.
• 2026-05-17: Information published.
• 2026-05-18: Information published.
• 2026-05-19: Information published.
• 2026-05-30: Information published.
• 2026-06-03: Information published.
• 2026-06-28: Information published.