CVE Catalog

CVE-2026-0992

LowCVSS 2.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile — higher than 23% of all known CVEs

Summary

A flaw was found in the libxml2 library where uncontrolled resource consumption occurs when processing XML catalogs with repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing redundant traversal of catalog chains.

Risk Assessment

Exploitation leads to excessive CPU consumption, significantly degrading application availability and resulting in a denial-of-service (DoS) condition.

Recommendation

Update libxml2 to the latest patched version immediately. If updating is not possible, restrict processing of untrusted XML catalogs.

Original NVD description (English source)

A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS