CVE-2026-0992
EUVD-2026-279515.01.2026, 15:15
A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| redhat | hardened_images | - |
| redhat | jboss_core_services | - |
| redhat | openshift_container_platform | 4.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
| ibm | vios | 4.1.0 ≤ 𝑥 < 4.1.1.30 |
| ibm | vios | 4.1.2.0 |
| ibm | aix | 7.2.5 ≤ 𝑥 < 7.2.5.12 |
| ibm | aix | 7.3.2 ≤ 𝑥 < 7.3.3.3 |
| ibm | aix | 7.3.4 |
| xmlsoft | libxml2 | 𝑥 < 2.15.2 |
𝑥
= Vulnerable software versions
Debian Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| libxml2-2 |
| ||||||||||
| libxml2-2-32bit |
| ||||||||||
| libxml2-devel |
| ||||||||||
| libxml2-doc |
| ||||||||||
| libxml2-tools |
| ||||||||||
| python-libxml2 |
| ||||||||||
| python3-libxml2 |
| ||||||||||
| python311-libxml2 |
|
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| libxml2 |
| ||||
| libxml2-debuginfo |
| ||||
| libxml2-debugsource |
| ||||
| libxml2-devel |
| ||||
| libxml2-python |
| ||||
| libxml2-static |
| ||||
| python3-libxml2 |
| ||||
| python3-libxml2-debuginfo |
|
Azure Linux Releases