CVE Catalog

CVE-2026-41080

LowCVSS 2.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

2th percentile — higher than 2% of all known CVEs

Summary

libexpat before 2.8.0 uses insufficient entropy, which can lead to hash flooding attacks via a crafted XML document.

Risk Assessment

An attacker could exploit this vulnerability to overload the system, potentially leading to denial of service or other performance issues.

Recommendation

It is recommended to upgrade libexpat to version 2.8.0 or later to mitigate this vulnerability.

Original NVD description (English source)

libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS