CVE-2026-41080

Published Apr 16, 2026

Last updated a month ago

CVSS low 2.9

Overview

Description
libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
Source
cve@mitre.org
NVD status
Modified
Products
libexpat

Risk scores

CVSS 3.1

Type
Secondary
Base score
2.9
Impact score
1.4
Exploitability score
1.4
Vector string
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Severity
LOW

Weaknesses

cve@mitre.org
CWE-331

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,CVE-2026-50219
  2. In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.CVE-2026-45186
  3. libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.CVE-2026-32778
  4. libexpat before 2.7.5 allows an infinite loop while parsing DTD content.CVE-2026-32777
  5. libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.CVE-2026-32776

References

Sources include official advisories and independent security research.