CVE Catalog
CVE-2026-41080
LowCVSS 2.9Exploitation Probability (EPSS)
Low risk0.01%
2th percentile — higher than 2% of all known CVEs
Summary
libexpat before 2.8.0 uses insufficient entropy, which can lead to hash flooding attacks via a crafted XML document.
Risk Assessment
An attacker could exploit this vulnerability to overload the system, potentially leading to denial of service or other performance issues.
Recommendation
It is recommended to upgrade libexpat to version 2.8.0 or later to mitigate this vulnerability.
Original NVD description (English source)
libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.

