VYPR
Medium severity5.9NVD Advisory· Published Jan 15, 2026· Updated Apr 22, 2026

CVE-2026-0990

CVE-2026-0990

Description

A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

35

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.