Low severity2.9NVD Advisory· Published Apr 16, 2026· Updated Jun 12, 2026
CVE-2026-41080
CVE-2026-41080
Description
libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*range: <2.8.0
- (no CPE)range: <2.8.0
Patches
Vulnerability mechanics
References
5- github.com/libexpat/libexpat/pull/1183nvdIssue TrackingPatch
- www.openwall.com/lists/oss-security/2026/04/26/1nvdMailing List
- blog.hartwork.org/posts/expat-2-8-0-released/nvdRelease Notes
- github.com/libexpat/libexpat/issues/47nvdIssue Tracking
- www.openwall.com/lists/oss-security/2026/04/26/1nvdMailing List
News mentions
0No linked articles in our index yet.