CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-55865

unknowncovered by 1 sourcefirst seen 2026-07-09
Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.1, given a malformed {% case %} tag without an associated {% when %} or {% else %} block and no terminating {% endcase %} tag, Python Liquid hangs in an infinite loop at parse time because liquid.TokenStream.eof did not give the EOF token matching kind and value fields, allowing malicious template authors to craft templates for a denial of service attack. This issue is fixed in version 2.2.1.

⚡ Watch CVE-2026-55865

Get an email if CVE-2026-55865 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-55865

CVE.org record

Embed the live status

CVE-2026-55865 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-55865 status](https://www.csirts.com/badge/CVE-2026-55865)](https://www.csirts.com/cve/CVE-2026-55865)