CVE Catalog

CVE-2026-45186

LowCVSS 2.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.43%

34th percentile — higher than 34% of all known CVEs

Summary

In libexpat before version 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.

Risk Assessment

An attacker can exploit this vulnerability to overload a server or application processing XML data, leading to service unavailability for legitimate users.

Recommendation

Immediately update libexpat to version 2.8.1 or later, which includes a fix that eliminates the excessive computational complexity issue.

Original NVD description (English source)

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS