diff --git a/Lib/test/test_xml_etree.py b/Lib/test/test_xml_etree.py
index bf6d5074fdebd8..f65baa0cfae2ad 100644
--- a/Lib/test/test_xml_etree.py
+++ b/Lib/test/test_xml_etree.py
@@ -1749,6 +1749,8 @@ def __next__(self):
 def test_unknown_event(self):
 with self.assertRaises(ValueError):
 ET.XMLPullParser(events=('start', 'end', 'bogus'))
+ with self.assertRaisesRegex(ValueError, "unknown event 'bogus'"):
+ ET.XMLPullParser(events=(x.decode() for x in (b'start', b'end', b'bogus')))

 @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
 f'Expat {pyexpat.version_info} does not '
diff --git a/Misc/NEWS.d/next/Library/2025-09-21-15-58-57.gh-issue-139210.HGbMvz.rst b/Misc/NEWS.d/next/Library/2025-09-21-15-58-57.gh-issue-139210.HGbMvz.rst
new file mode 100644
index 00000000000000..1227b29a68a9d7
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2025-09-21-15-58-57.gh-issue-139210.HGbMvz.rst
@@ -0,0 +1 @@
+Fix use-after-free when reporting unknown event in :func:`xml.etree.ElementTree.iterparse`. Patch by Ken Jin.
diff --git a/Modules/_elementtree.c b/Modules/_elementtree.c
index b9e12ab2026f65..9263f14b57f972 100644
--- a/Modules/_elementtree.c
+++ b/Modules/_elementtree.c
@@ -4214,8 +4214,8 @@ _elementtree_XMLParser__setevents_impl(XMLParserObject *self,
 (XML_ProcessingInstructionHandler) expat_pi_handler
 );
 } else {
- Py_DECREF(events_seq);
 PyErr_Format(PyExc_ValueError, "unknown event '%s'", event_name);
+ Py_DECREF(events_seq);
 return NULL;
 }
 }
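Review bot: The added assertion in `test_unknown_event` has no comment saying why the event names come from a generator of decoded bytes rather than a literal tuple, and that construction is what makes this a regression test. Presumably the strings must be freshly created and owned only by the events sequence, so that the message text would be read from freed memory if the C code released the sequence first; the literal constants in the assertion just above would likely stay alive and hide the bug. I would add `# gh-139210: names must be temporaries owned only by the events sequence` above the `with self.assertRaisesRegex(...)` line so a later cleanup does not simplify it away. Whether a stale read actually alters the message depends on the allocator, so the check is most meaningful on debug or sanitizer builds.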
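Review bot: Nothing at the reordered lines records that `event_name` is only valid while `events_seq` is alive, so a later tidy-up could move the `Py_DECREF` back above the `PyErr_Format` call and reintroduce the use-after-free. A one-line comment above the call would pin the ordering: `/* event_name borrows from an item of events_seq; format the error before releasing it */`. The function starts and ends outside this hunk, so where `event_name` is obtained, and whether other error exits release `events_seq` before reading it, cannot be checked from here and is worth a look in the full file.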