PT-2026-33342 · Libexpat · Libexpat

Sebastian Pipping · Published 2026-04-16 · Updated 2026-05-16 · CVE-2026-41080

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

libexpat versions prior to 2.7.6

Description

The software uses insufficient entropy, which allows hash flooding through a specially crafted XML document. Hash flooding is a technique in which many different inputs are designed to produce the same hash value; the resulting collisions degrade the performance of hash tables.

Recommendations

Update to version 2.7.6.

Related Identifiers

CVE-2026-41080
ECHO-35D6-A603-460E
OESA-2026-2293
OESA-2026-2294
OESA-2026-2295
OPENSUSE-SU-2026:10787-1
RHSA-2026:11004

Affected Products

Libexpat