CVE-2026-0989

CVSS v3.1

3.7

Low

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions libxml2 (affected versions not specified)

Description The RelaxNG parser in libxml2 does not limit the depth of external schema inclusions when resolving nested <include> directives. This can lead to excessive recursion during parsing with specially crafted or complex schemas, potentially causing stack exhaustion and application crashes, resulting in a denial-of-service condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-674

Related Identifiers

AZL-74775

AZL-74786

BDU:2026-03633

CVE-2026-0989

ECHO-8419-807A-4B8D

MGASA-2026-0027

OESA-2026-1598

OPENSUSE-SU-2026:10085-1

OPENSUSE-SU-2026:20178-1

RHSA-2026:7519

SUSE-SU-2026:0334-1

SUSE-SU-2026:0336-1

SUSE-SU-2026:0391-1

SUSE-SU-2026:0605-1

SUSE-SU-2026:0606-1

SUSE-SU-2026:20233-1

SUSE-SU-2026:20234-1

SUSE-SU-2026:20353-1

SUSE-SU-2026:20372-1

SUSE-SU-2026:20657-1

SUSE-SU-2026:20707-1

USN-7974-1

Affected Products

Linuxmint

Red Os

Ubuntu

Libxml2

CVE-2026-0989

Weakness Enumeration

Related Identifiers

Affected Products

References · 82