PT-2026-3018 · Libxml2+3

Nick Wellnhofer · Published 2026-01-01 · Updated 2026-04-29 · CVE-2026-0990

CVSS v3.1: 5.9 Medium
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

libxml2 (affected versions not specified)

Description

An uncontrolled recursion issue exists in libxml2, an XML parsing library, specifically within the xmlCatalogXMLResolveURI function. This occurs when an XML catalog includes a delegate URI entry that points to itself. An attacker can exploit this by supplying a crafted XML catalog, causing infinite recursion and call stack exhaustion. This results in a segmentation fault, leading to a Denial of Service (DoS) by crashing applications.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Uncontrolled Recursion

Weakness Enumeration

Related Identifiers

AZL-74772
AZL-74780
BDU:2026-03631
CVE-2026-0990
ECHO-7B93-F475-2A93
MGASA-2026-0027
OESA-2026-1598
OPENSUSE-SU-2026:10213-1
OPENSUSE-SU-2026:20312-1
RHSA-2026:7519
SUSE-SU-2026:0568-1
SUSE-SU-2026:0570-1
SUSE-SU-2026:0605-1
SUSE-SU-2026:0606-1
SUSE-SU-2026:0782-1
SUSE-SU-2026:20631-1
SUSE-SU-2026:20647-1
SUSE-SU-2026:20657-1
SUSE-SU-2026:20707-1
USN-7974-1

Affected Products

Linuxmint
Red Os
Ubuntu
Libxml2