CVE Catalog

CVE-2026-32777

MediumCVSS 4.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile - higher than 12% of all known CVEs

Summary

The libexpat library before version 2.7.5 contains a vulnerability that causes an infinite loop while parsing DTD content. An attacker can provide specially crafted input, leading to application hang.

Risk Assessment

The risk involves a potential Denial of Service (DoS) attack on applications using libexpat, which may result in service unavailability for users.

Recommendation

It is recommended to immediately update the libexpat library to version 2.7.5 or later, which fixes this vulnerability.

Original NVD description (English source)

libexpat before 2.7.5 allows an infinite loop while parsing DTD content.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS