MEDIUM
GOVCERT-LU
CVE published 2026-05-26
CVE-2026-44844
A medium-severity vulnerability in the eml_parser Python library allows attackers to cause denial of service through recursive parsing of nested message/rfc822 attachments. The issue stems from unconditional recursion in EmlParser.get_raw_body_text() without depth limiting, enabling a 12 KB crafted EML file with approximately 120 nested parts to trigger an unhandled RecursionError and crash parsing worker [truncated]