From b46710a81872dcdfc057114589d1849d07225bc4 Mon Sep 17 00:00:00 2001
From: Akshat Singh Jaswal
Date: Tue, 17 Feb 2026 16:28:07 +0530
Subject: [PATCH] fix exponential expansion DoS via duplicate merge key aliases
---
 lib/yaml/constructor.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/lib/yaml/constructor.py b/lib/yaml/constructor.py
index 619acd307..cf9197190 100644
--- a/lib/yaml/constructor.py
+++ b/lib/yaml/constructor.py
@@ -189,12 +189,16 @@ def flatten_mapping(self, node):
 merge.extend(value_node.value)
 elif isinstance(value_node, SequenceNode):
 submerge = []
+ seen = set()
 for subnode in value_node.value:
 if not isinstance(subnode, MappingNode):
 raise ConstructorError("while constructing a mapping",
 node.start_mark,
 "expected a mapping for merging, but found %s"
 % subnode.id, subnode.start_mark)
+ if id(subnode) in seen:
+ continue
+ seen.add(id(subnode))
 self.flatten_mapping(subnode)
 submerge.append(subnode.value)
 submerge.reverse()
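Review bot: `seen` is local to one sequence value, so the new check in the `for subnode in value_node.value` loop only drops repeated aliases inside a single `<<: [...]` list; the `merge.extend(value_node.value)` branch just above it and the recursive `self.flatten_mapping(subnode)` call are unchanged, so merged entries can presumably still multiply when the same mapping is reached through different parents. If the goal is to bound expansion for untrusted input, consider also de-duplicating or capping the entries collected in `merge`, which is built outside this hunk, and state in the commit message which cases remain open. The patch touches only `lib/yaml/constructor.py`, so a regression test that loads a small nested-alias document and asserts on the size of the resulting mapping would keep this from regressing. I would also add a comment above the check, e.g. `# Same node aliased twice in one merge list adds no new keys; skip it to avoid re-appending its entries.` The body of `flatten_mapping` starts and ends outside the hunk.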