PT-2026-3019 · Libxml2+3
Published: 2026-01-01 · Updated: 2026-04-29 · CVE-2026-0992
CVSS v3.1: 2.9 (Low)
Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
libxml2 (affected versions not specified)
Description
The libxml2 library is affected by uncontrolled resource consumption when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. An attacker who can supply crafted catalogs causes the parser to traverse the same catalog chains repeatedly. This leads to excessive CPU usage and can result in a denial-of-service condition, degrading application availability.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
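The pattern named in the description, several <nextCatalog> entries in one catalog resolving to the same downstream catalog, can be looked for in catalog files before an application loads them. The Python check below is an added example, not libxml2 code or a vendor fix; it assumes catalogs in the OASIS XML Catalogs namespace, ignores xml:base, and runs on constructed sample catalogs under the made-up location file:///demo/.

```python
import xml.etree.ElementTree as ET
from collections import Counter
from urllib.parse import urljoin

NS = "{urn:oasis:names:tc:entity:xmlns:xml:catalog}"

# Constructed sample catalogs (not taken from any real system).
CAT = '<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">%s</catalog>'
SAMPLE = {
    "file:///demo/root.xml": CAT % ('<nextCatalog catalog="site.xml"/>'
                                    '<nextCatalog catalog="./site.xml"/>'
                                    '<nextCatalog catalog="vendor.xml"/>'),
    "file:///demo/site.xml": CAT % ('<nextCatalog catalog="vendor.xml"/>' * 3),
    "file:///demo/vendor.xml": CAT % '<system systemId="urn:demo:dtd" uri="demo.dtd"/>',
}

def next_catalog_targets(xml_text, base_uri):
    """Resolved target of every <nextCatalog> in one catalog, in document order."""
    root = ET.fromstring(xml_text)
    return [urljoin(base_uri, el.get("catalog"))
            for el in root.iter(NS + "nextCatalog") if el.get("catalog")]

def audit_chain(root_uri, load):
    """Visit each catalog once; report (catalog, target, count) for repeated targets."""
    findings, seen, todo = [], set(), [root_uri]
    while todo:
        uri = todo.pop()
        if uri in seen:          # the visited set keeps the audit itself bounded
            continue
        seen.add(uri)
        try:
            targets = next_catalog_targets(load(uri), uri)
        except (KeyError, OSError, ET.ParseError):
            continue             # missing or malformed catalog: nothing to follow
        # Compare resolved URIs, so "site.xml" and "./site.xml" count as one target.
        for target, count in Counter(targets).items():
            if count > 1:
                findings.append((uri, target, count))
        todo.extend(targets)
    return findings

if __name__ == "__main__":
    for catalog, target, count in audit_chain("file:///demo/root.xml", SAMPLE.__getitem__):
        print(f"{catalog}: {count} nextCatalog entries resolve to {target}")
```

To vet real files, pass a `load` callable that returns the catalog text for a URI and review every reported entry before the catalog is deployed.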
DoS
Resource Exhaustion
Affected Products
Linuxmint
Red Os
Ubuntu
Libxml2