CVE-2026-0992
LowCVSS 2.9Exploitation Probability (EPSS)
Low risk23th percentile — higher than 23% of all known CVEs
Summary
A flaw was found in the libxml2 library where uncontrolled resource consumption occurs when processing XML catalogs with repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing redundant traversal of catalog chains.
Risk Assessment
Exploitation leads to excessive CPU consumption, significantly degrading application availability and resulting in a denial-of-service (DoS) condition.
Recommendation
Update libxml2 to the latest patched version immediately. If updating is not possible, restrict processing of untrusted XML catalogs.
Original NVD description (English source)
A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.

