{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2026-41080", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-04-16T16:52:00.655Z", "datePublished": "2026-04-16T16:52:01.177Z", "dateUpdated": "2026-04-16T16:56:59.212Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "libexpat", "vendor": "libexpat project", "versions": [{"lessThan": "2.7.6", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-331", "description": "CWE-331 Insufficient Entropy", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-16T16:56:59.212Z"}, "references": [{"url": "https://github.com/libexpat/libexpat/pull/1183"}, {"url": "https://github.com/libexpat/libexpat/issues/47"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.7.6"}]}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document."}], "id": "CVE-2026-41080", "lastModified": "2026-04-17T15:38:09.243", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2026-04-16T17:16:54.917", "references": [{"source": "cve@mitre.org", "url": "https://github.com/libexpat/libexpat/issues/47"}, {"source": "cve@mitre.org", "url": "https://github.com/libexpat/libexpat/pull/1183"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-331"}], "source": "cve@mitre.org", "type": "Primary"}]}

{"bugzilla": {"description": "libexpat: expat: libexpat: Denial of Service via hash flooding with crafted XML", "id": "2458967", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458967"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-331", "details": ["A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing a specially crafted XML document that leverages insufficient entropy in the hash function. This can lead to hash flooding, a type of Denial of Service (DoS) attack, where the system becomes unresponsive or crashes due to excessive resource consumption."], "mitigation": {"lang": "en:us", "value": "Applications that process untrusted XML documents using libexpat should implement robust input validation to filter out malicious XML structures. Restricting access to services that process untrusted XML can also reduce the attack surface. If a service is affected, restarting it may be required after implementing input validation or access restrictions."}, "name": "CVE-2026-41080", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "compat-expat1", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "mingw-expat", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-16T16:52:01Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-41080\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-41080\nhttps://github.com/libexpat/libexpat/issues/47\nhttps://github.com/libexpat/libexpat/pull/1183"], "statement": "This Low impact denial of service flaw in libexpat could allow a remote attacker to cause the program consuming libexpat to become unresponsive or crash. This vulnerability requires the processing of a specially crafted XML document, which could lead to excessive resource consumption due to hash flooding.", "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.7.6)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "libexpat", "source": "cna", "vendor": "libexpat project"}, "product": "libexpat", "vendor": "libexpat_project"}], "analysis": {"en": {"generated_at": "2026-04-17T03:23:06.898152+00:00", "value": {"mitigation_remediation": ["Upgrade libexpat to version 2.7.6 or later.", "If an upgrade is not feasible, replace or disable the library for processing untrusted XML.", "Implement resource limits or sandboxing around XML parsing to mitigate hash\u2011flooding attacks."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all installations of the libexpat project with the libexpat library prior to version 2.7.6. Any software that links against these older releases is potentially vulnerable if it processes XML input from untrusted sources.", "description_and_impact": "The libexpat library, when used in versions older than 2.7.6, relies on an inadequate entropy source for its hash function. This weakness permits attackers to craft XML documents that deliberately trigger hash collisions, causing the parser to expend excessive time and resources. The primary consequence is a denial\u2011of\u2011service condition as the application becomes unresponsive or exhausts memory.\n\nThe issue stems from CWE\u2011331, which marks the failure to incorporate sufficient randomness in hash generation.", "risk_and_exploitability": "The CVSS score for this weakness is 2.9, indicating a low overall risk. No publicly available exploit probability score is published, and the vulnerability is not listed in the CISA KEV catalog. Attackers would need to supply a crafted XML document to a system using the vulnerable libexpat version; the attack is predominantly a local or remote denial of service, depending on how the library is utilized."}}}}, "created": "2026-04-16T19:15:05.727881+00:00", "updated": "2026-04-17T03:30:08.590323+00:00", "vendors": ["libexpat_project", "libexpat_project$PRODUCT$libexpat"]}