CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-49476

highCVSS 7.5covered by 1 sourcefirst seen 2026-07-09
Summary The CSS selector parser in soupsieve (the CSS selector engine for Beautiful Soup 4) allocates unbounded memory when compiling large comma-separated selector lists. An attacker who can supply a crafted CSS selector string to soupsieve.compile() or Beautiful Soup's .select() / .select_one() can cause the application to allocate hundreds of megabytes of heap memory from a relatively small input, leading to memory exhaustion and denial of service. To be completely transparent, AI tools helped surface this issue. However, it was independently reproduced and carefully validated. Researchers follow responsible disclosure practices and originally shared this report privately. A 500 KB selector string triggers allocation of approximately 244 MB of heap memory - a 488x— amplification ratio. Details Affected code:** soupsieve/css_parser.py, lines ~204, 925, 1106 The soupsieve CSS parser splits comma-separated selector lists and creates one CSSSelector object per list item. Each CSSSelector object contains parsed selector data structures including SelectorList, Selector, and associated tag/attribute/pseudo-class metadata. When a selector string such as a,a,a,... (with 250,000 comma-separated items) is passed to sv.compile(), the parser: 1. Tokenises the entire string and identifies each comma-delimited segment (line ~1106) 2. Parses each segment into a full Selector object with all associated metadata (line ~925) 3. Stores all parsed selectors in a SelectorList (line ~204) Root cause: No limit is enforced on the number of selectors in a comma-separated list. The parser will attempt to parse and store an arbitrary number of selectors, with each selector object consuming approximately 976 bytes of heap memory. The total allocation scales linearly with the number of list items, but the amplification ratio (output memory / input bytes) is extremely high because each single-character selector like a expands into a complex object graph. Attack surface: Any applicati

⚡ Watch CVE-2026-49476

Get an email if CVE-2026-49476 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Advisory coverage (1)

External references

NVD record for CVE-2026-49476

CVE.org record

Embed the live status

CVE-2026-49476 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-49476 status](https://www.csirts.com/badge/CVE-2026-49476)](https://www.csirts.com/cve/CVE-2026-49476)