CVE-2026-41080

Summary

libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.

Affected Software

VendorProductVersion RangeStatus
libexpat projectlibexpat0 < 2.8.0affected

Weaknesses

  • CWE-331: CWE-331 Insufficient Entropy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References