CVE-2026-0992

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-0992
A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.

2.9 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.4 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2026:7519
https://access.redhat.com/security/cve/CVE-2026-0992
https://bugzilla.redhat.com/show_bug.cgi?id=2429975
https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019
Configurations

No configuration.

History

22 Apr 2026, 10:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:7519 -

09 Apr 2026, 18:16

Type Values Removed Values Added
References
  • () https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 -
Summary
  • (es) Se encontró una falla en la biblioteca libxml2. Esta vulnerabilidad de consumo de recursos no controlado ocurre al procesar catálogos XML que contienen elementos repetidos que apuntan al mismo catálogo descendente. Un atacante remoto puede explotar esto al proporcionar catálogos manipulados, lo que hace que el analizador recorra redundantemente las cadenas de catálogos. Esto conduce a un consumo excesivo de CPU y degrada la disponibilidad de la aplicación, lo que resulta en una condición de denegación de servicio.

15 Jan 2026, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2026-01-15 15:15

Updated : 2026-04-22 10:16

NVD link : CVE-2026-0992

Mitre link : CVE-2026-0992

CVE.ORG link : CVE-2026-0992

JSON object : View

Products Affected

No product.

CWE
CWE-400

Uncontrolled Resource Consumption