Low severity 2.9 · NVD Advisory · Published May 10, 2026 · Updated May 14, 2026
CVE-2026-45186
Description
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.
Affected products
- (no CPE)
- cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*, range: <2.8.1
- (no CPE), range: <2.8.1
- osv-coords, 3 versions: pkg:rpm/almalinux/expat, pkg:rpm/almalinux/expat-devel, pkg:rpm/opensuse/expat&distro=openSUSE%20Tumbleweed
- (no CPE), range: < 2.7.3-1.el10_2.1
- (no CPE), range: < 2.7.3-1.el10_2.1
- (no CPE), range: < 2.8.1-1.1
References
- github.com/libexpat/libexpat/pull/1216 (nvd: Exploit, Issue Tracking, Patch)
- www.openwall.com/lists/oss-security/2026/05/11/16 (nvd: Mailing List, Third Party Advisory)
News mentions
- Patch Tuesday - May 2026, Rapid7 Blog · May 13, 2026