CVE Catalog
CVE-2026-45186
LowCVSS 2.9Exploitation Probability (EPSS)
Low risk0.43%
34th percentile — higher than 34% of all known CVEs
Summary
In libexpat before version 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.
Risk Assessment
An attacker can exploit this vulnerability to overload a server or application processing XML data, leading to service unavailability for legitimate users.
Recommendation
Immediately update libexpat to version 2.8.1 or later, which includes a fix that eliminates the excessive computational complexity issue.
Original NVD description (English source)
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.

