Low severity3.7NVD Advisory· Published Jan 15, 2026· Updated Apr 22, 2026
CVE-2026-0989
CVE-2026-0989
Description
A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
32- osv-coords31 versionspkg:rpm/opensuse/libxml2&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/libxml2&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/libxml2&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/libxml2-python&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/libxml2-python&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/python-libxml2-python&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/libxslt&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/libxslt&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/python-libxml2-python&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
< 2.10.3-150500.5.35.1+ 30 more
- (no CPE)range: < 2.10.3-150500.5.35.1
- (no CPE)range: < 2.13.8-160000.3.1
- (no CPE)range: < 2.14.5-2.1
- (no CPE)range: < 2.10.3-150500.5.35.1
- (no CPE)range: < 2.13.8-160000.3.1
- (no CPE)range: < 2.9.7-150000.3.91.1
- (no CPE)range: < 2.9.7-150000.3.91.1
- (no CPE)range: < 2.9.14-150400.5.55.1
- (no CPE)range: < 2.9.14-150400.5.55.1
- (no CPE)range: < 2.10.3-150500.5.35.1
- (no CPE)range: < 2.12.10-150700.4.11.1
- (no CPE)range: < 2.13.8-160000.3.1
- (no CPE)range: < 2.13.8-160000.3.1
- (no CPE)range: < 2.9.4-46.96.1
- (no CPE)range: < 2.11.6-11.1
- (no CPE)range: < 2.11.6-slfo.1.1_7.1
- (no CPE)range: < 2.13.8-160000.3.1
- (no CPE)range: < 2.9.14-150400.5.55.1
- (no CPE)range: < 2.9.14-150400.5.55.1
- (no CPE)range: < 2.10.3-150500.5.35.1
- (no CPE)range: < 2.12.10-150700.4.11.1
- (no CPE)range: < 2.12.10-150700.4.11.1
- (no CPE)range: < 2.13.8-160000.3.1
- (no CPE)range: < 2.13.8-160000.3.1
- (no CPE)range: < 2.11.6-12.1
- (no CPE)range: < 2.11.6-slfo.1.1_8.1
- (no CPE)range: < 2.13.8-160000.3.1
- (no CPE)range: < 1.1.38-8.1
- (no CPE)range: < 1.1.38-slfo.1.1_6.1
- (no CPE)range: < 2.9.4-46.96.1
- (no CPE)range: < 2.9.7-150000.3.91.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.