CVE-2026-0990
EUVD-2026-279715.01.2026, 15:15
A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| redhat | hardened_images | - |
| redhat | jboss_core_services | - |
| redhat | openshift_container_platform | 4.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
| ibm | vios | 4.1.0 ≤ 𝑥 < 4.1.1.30 |
| ibm | vios | 4.1.2.0 |
| ibm | aix | 7.2.5 ≤ 𝑥 < 7.2.5.12 |
| ibm | aix | 7.3.2 ≤ 𝑥 < 7.3.3.3 |
| ibm | aix | 7.3.4 |
| xmlsoft | libxml2 | 𝑥 < 2.15.2 |
𝑥
= Vulnerable software versions
Debian Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| libxml2-2 |
| ||||||||||
| libxml2-2-32bit |
| ||||||||||
| libxml2-devel |
| ||||||||||
| libxml2-doc |
| ||||||||||
| libxml2-tools |
| ||||||||||
| python-libxml2 |
| ||||||||||
| python3-libxml2 |
| ||||||||||
| python311-libxml2 |
|
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| libxml2 |
| ||||
| libxml2-debuginfo |
| ||||
| libxml2-debugsource |
| ||||
| libxml2-devel |
| ||||
| libxml2-python |
| ||||
| libxml2-static |
| ||||
| python3-libxml2 |
| ||||
| python3-libxml2-debuginfo |
|
Azure Linux Releases
Common Weakness Enumeration