GHSA-2wc2-fm75-p42x: Soup Sieve has Memory Exhaustion via Large Comma-Separated Selector Lists
Summary
Soupsieve (the CSS selector engine for Beautiful Soup 4) has a memory exhaustion vulnerability where the CSS parser allocates unbounded memory when compiling large comma-separated selector lists. An attacker can supply a crafted CSS selector string to `soupsieve.compile()` or Beautiful Soup's `.select()` method to cause the application to allocate hundreds of megabytes of memory from a small input, leading to denial of service (making the application unavailable by consuming all available memory).
Vulnerability Details
EPSS: 0.0%
Yes
July 9, 2026
Classification
Affected Vendors
Affected Packages
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose
Original source: https://github.com/advisories/GHSA-2wc2-fm75-p42x
First tracked: July 9, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 85%