Product
A memory exhaustion vulnerability (CVE-2026-49476) in the soupsieve CSS selector parser, an indirect dependency of Beautiful Soup 4, allows an unauthenticated attacker to cause a denial of service by supplying a crafted, large comma-separated CSS selector string to applications using `soupsieve.compile()` or Beautiful Soup's `.select()`/`.select_one()`, leading to unbounded memory allocation and system resource exhaustion.