CVE-2026-45186 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	2.9 LOW	LOCAL	HIGH	NONE	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 22%

Affected Products (NVD)

Vendor	Product	Version
libexpat_project	libexpat	𝑥 < 2.8.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

expat

bookworm	vulnerable
bookworm (security)	vulnerable
bullseye	vulnerable
bullseye (security)	vulnerable
forky	2.8.1-1 fixed
sid	2.8.1-1 fixed
trixie	vulnerable

Red Hat Enterprise Linux Releases

Red Hat Product

Release

expat

RHEL 8	0:2.5.0-2.el8_10 fixed
RHEL 9	0:2.5.0-6.el9_8.1 fixed

expat-devel

RHEL 8	0:2.5.0-2.el8_10 fixed
RHEL 9	0:2.5.0-6.el9_8.1 fixed

Amazon Linux Releases

Amazon Package

Release

firefox

Amazon Linux 2023

0:140.10.2-1.amzn2023.0.3

fixed

firefox-debuginfo

Amazon Linux 2023

0:140.10.2-1.amzn2023.0.3

fixed

firefox-debugsource

Amazon Linux 2023

0:140.10.2-1.amzn2023.0.3

fixed

thunderbird

Amazon Linux 2

0:140.10.2-1.amzn2.0.2

fixed

Known Exploits!

https://github.com/libexpat/libexpat/pull/1216

Common Weakness Enumeration

CWE-407 - Inefficient Algorithmic Complexity
An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

Vulnerability Media Exposure

[GERMAN] expat: Schwachstelle ermöglicht Denial of Service
Ein lokaler Angreifer kann eine Schwachstelle in expat ausnutzen, um einen Denial of Service Angriff durchzuführen.
Published: 2026-05-10T22:00:00+00:00

References

https://github.com/libexpat/libexpat/pull/1216

http://www.openwall.com/lists/oss-security/2026/05/11/16