CVE Catalog
CVE-2026-32777
MediumCVSS 4.0Exploitation Probability (EPSS)
Low risk0.22%
12th percentile - higher than 12% of all known CVEs
Summary
The libexpat library before version 2.7.5 contains a vulnerability that causes an infinite loop while parsing DTD content. An attacker can provide specially crafted input, leading to application hang.
Risk Assessment
The risk involves a potential Denial of Service (DoS) attack on applications using libexpat, which may result in service unavailability for users.
Recommendation
It is recommended to immediately update the libexpat library to version 2.7.5 or later, which fixes this vulnerability.
Original NVD description (English source)
libexpat before 2.7.5 allows an infinite loop while parsing DTD content.

