CVE-2026-45186

Published May 10, 2026

Last updated 24 days ago

CVSS low 2.9

Overview

Description
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.
Source
cve@mitre.org
NVD status
Analyzed
Products
libexpat

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Weaknesses

cve@mitre.org
CWE-407

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,CVE-2026-50219
  2. libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.CVE-2026-41080
  3. libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.CVE-2026-32778
  4. libexpat before 2.7.5 allows an infinite loop while parsing DTD content.CVE-2026-32777
  5. libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.CVE-2026-32776

References

Sources include official advisories and independent security research.