CVE-2026-41080

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-41080
libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.

2.9 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.4 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://blog.hartwork.org/posts/expat-2-8-0-released/ Release Notes
https://github.com/libexpat/libexpat/issues/47 Issue Tracking
https://github.com/libexpat/libexpat/pull/1183 Issue Tracking Patch
https://www.openwall.com/lists/oss-security/2026/04/26/1 Mailing List
http://www.openwall.com/lists/oss-security/2026/04/26/1 Mailing List
Configurations

Configuration 1 (hide)

cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
History

12 Jun 2026, 18:43

Type Values Removed Values Added
References () https://blog.hartwork.org/posts/expat-2-8-0-released/ - () https://blog.hartwork.org/posts/expat-2-8-0-released/ - Release Notes
References () https://www.openwall.com/lists/oss-security/2026/04/26/1 - () https://www.openwall.com/lists/oss-security/2026/04/26/1 - Mailing List
References () http://www.openwall.com/lists/oss-security/2026/04/26/1 - () http://www.openwall.com/lists/oss-security/2026/04/26/1 - Mailing List

27 Apr 2026, 07:16

Type Values Removed Values Added
References
  • () https://blog.hartwork.org/posts/expat-2-8-0-released/ -
  • () https://www.openwall.com/lists/oss-security/2026/04/26/1 -
Summary (en) libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. (en) libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.

26 Apr 2026, 22:17

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2026/04/26/1 -

23 Apr 2026, 19:24

Type Values Removed Values Added
References () https://github.com/libexpat/libexpat/issues/47 - () https://github.com/libexpat/libexpat/issues/47 - Issue Tracking
References () https://github.com/libexpat/libexpat/pull/1183 - () https://github.com/libexpat/libexpat/pull/1183 - Issue Tracking, Patch
First Time Libexpat Project libexpat
Libexpat Project
CPE cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*

16 Apr 2026, 17:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-04-16 17:16

Updated : 2026-06-12 18:43

NVD link : CVE-2026-41080

Mitre link : CVE-2026-41080

CVE.ORG link : CVE-2026-41080

JSON object : View

Products Affected

libexpat_project

  • libexpat
CWE
CWE-331

Insufficient Entropy