Low severity2.9NVD Advisory· Published Jan 15, 2026· Updated Apr 22, 2026
CVE-2026-0992
CVE-2026-0992
Description
A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
36- osv-coords35 versionspkg:rpm/opensuse/libxml2&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/libxml2&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/libxml2&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/libxml2-python&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/libxml2-python&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/libxslt&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/python-libxml2-python&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/libxslt&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/libxslt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/libxslt&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/libxslt&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/libxslt&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/python-libxml2-python&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
< 2.10.3-150500.5.38.1+ 34 more
- (no CPE)range: < 2.10.3-150500.5.38.1
- (no CPE)range: < 2.13.8-160000.4.1
- (no CPE)range: < 2.14.5-4.1
- (no CPE)range: < 2.10.3-150500.5.38.1
- (no CPE)range: < 2.13.8-160000.4.1
- (no CPE)range: < 1.1.43-160000.4.1
- (no CPE)range: < 2.9.7-150000.3.94.1
- (no CPE)range: < 2.9.7-150000.3.94.1
- (no CPE)range: < 2.9.14-150400.5.55.1
- (no CPE)range: < 2.9.14-150400.5.55.1
- (no CPE)range: < 2.10.3-150500.5.38.1
- (no CPE)range: < 2.12.10-150700.4.11.1
- (no CPE)range: < 2.13.8-160000.4.1
- (no CPE)range: < 2.13.8-160000.4.1
- (no CPE)range: < 2.9.4-46.99.1
- (no CPE)range: < 2.11.6-12.1
- (no CPE)range: < 2.11.6-slfo.1.1_8.1
- (no CPE)range: < 2.13.8-160000.4.1
- (no CPE)range: < 2.9.14-150400.5.55.1
- (no CPE)range: < 2.9.14-150400.5.55.1
- (no CPE)range: < 2.10.3-150500.5.38.1
- (no CPE)range: < 2.12.10-150700.4.11.1
- (no CPE)range: < 2.12.10-150700.4.11.1
- (no CPE)range: < 2.13.8-160000.4.1
- (no CPE)range: < 2.13.8-160000.4.1
- (no CPE)range: < 2.11.6-12.1
- (no CPE)range: < 2.11.6-slfo.1.1_8.1
- (no CPE)range: < 2.13.8-160000.4.1
- (no CPE)range: < 1.1.43-160000.4.1
- (no CPE)range: < 1.1.43-160000.4.1
- (no CPE)range: < 1.1.38-8.1
- (no CPE)range: < 1.1.38-slfo.1.1_6.1
- (no CPE)range: < 1.1.43-160000.4.1
- (no CPE)range: < 2.9.4-46.99.1
- (no CPE)range: < 2.9.7-150000.3.94.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.