SOAPpy 0.12.5 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted SOAP request containing a large number of nested entity references.
"https://github.com/pypa/advisory-database/blob/main/vulns/soappy/PYSEC-2026-923.yaml"