Sign in Get started

← All advisories

Low severity2.9NVD Advisory· Published Apr 16, 2026· Updated Apr 27, 2026

CVE-2026-41080

CVE-2026-41080

Description

libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.

Affected products

1

Libexpat Project/Libexpat
cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
Range: <2.7.6

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

github.com/libexpat/libexpat/pull/1183nvdIssue TrackingPatch
github.com/libexpat/libexpat/issues/47nvdIssue Tracking
www.openwall.com/lists/oss-security/2026/04/26/1nvd
blog.hartwork.org/posts/expat-2-8-0-released/nvd
www.openwall.com/lists/oss-security/2026/04/26/1nvd

News mentions

0

No linked articles in our index yet.