{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2026-41080", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-04-16T16:52:00.655Z", "datePublished": "2026-04-16T16:52:01.177Z", "dateUpdated": "2026-04-27T05:59:38.490Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "libexpat", "vendor": "libexpat project", "versions": [{"lessThan": "2.8.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.8.0"}]}]}], "descriptions": [{"lang": "en", "value": "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-331", "description": "CWE-331 Insufficient Entropy", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-27T05:59:38.490Z"}, "references": [{"url": "https://github.com/libexpat/libexpat/pull/1183"}, {"url": "https://github.com/libexpat/libexpat/issues/47"}, {"url": "https://www.openwall.com/lists/oss-security/2026/04/26/1"}, {"url": "https://blog.hartwork.org/posts/expat-2-8-0-released/"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-18T02:32:34.525022Z", "id": "CVE-2026-41080", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-18T02:33:52.350Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/04/26/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-26T18:14:25.064Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/04/26/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-26T18:14:25.064Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-41080", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-18T02:32:34.525022Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-18T02:33:42.798Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.9, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "libexpat project", "product": "libexpat", "versions": [{"status": "affected", "version": "0", "lessThan": "2.8.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/libexpat/libexpat/pull/1183"}, {"url": "https://github.com/libexpat/libexpat/issues/47"}, {"url": "https://www.openwall.com/lists/oss-security/2026/04/26/1"}, {"url": "https://blog.hartwork.org/posts/expat-2-8-0-released/"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-331", "description": "CWE-331 Insufficient Entropy"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2.8.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-27T05:59:38.490Z"}}}, "cveMetadata": {"cveId": "CVE-2026-41080", "state": "PUBLISHED", "dateUpdated": "2026-04-27T05:59:38.490Z", "dateReserved": "2026-04-16T16:52:00.655Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-16T16:52:01.177Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "matchCriteriaId": "8645A458-70D0-4DA9-BB49-EED4D13CFD0A", "versionEndExcluding": "2.7.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document."}], "id": "CVE-2026-41080", "lastModified": "2026-04-27T07:16:03.937", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-16T17:16:54.917", "references": [{"source": "cve@mitre.org", "url": "https://blog.hartwork.org/posts/expat-2-8-0-released/"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://github.com/libexpat/libexpat/issues/47"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/libexpat/libexpat/pull/1183"}, {"source": "cve@mitre.org", "url": "https://www.openwall.com/lists/oss-security/2026/04/26/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2026/04/26/1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-331"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{"bugzilla": {"description": "libexpat: expat: libexpat: Denial of Service via hash flooding with crafted XML", "id": "2458967", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458967"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-331", "details": ["A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing a specially crafted XML document that leverages insufficient entropy in the hash function. This can lead to hash flooding, a type of Denial of Service (DoS) attack, where the system becomes unresponsive or crashes due to excessive resource consumption."], "mitigation": {"lang": "en:us", "value": "Applications that process untrusted XML documents using libexpat should implement robust input validation to filter out malicious XML structures. Restricting access to services that process untrusted XML can also reduce the attack surface. If a service is affected, restarting it may be required after implementing input validation or access restrictions."}, "name": "CVE-2026-41080", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "compat-expat1", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "mingw-expat", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-16T16:52:01Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-41080\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-41080\nhttps://github.com/libexpat/libexpat/issues/47\nhttps://github.com/libexpat/libexpat/pull/1183"], "statement": "This Low impact denial of service flaw in libexpat could allow a remote attacker to cause the program consuming libexpat to become unresponsive or crash. This vulnerability requires the processing of a specially crafted XML document, which could lead to excessive resource consumption due to hash flooding.", "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.7.6)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "libexpat", "source": "cna", "vendor": "libexpat project"}, "product": "libexpat", "vendor": "libexpat_project"}], "analysis": {"en": {"generated_at": "2026-04-28T21:33:44.278104+00:00", "value": {"mitigation_remediation": ["Upgrade installed libexpat to version 2.8.0 or later to eliminate the hash\u2011flooding weakness.", "If an upgrade cannot be performed immediately, configure the application or environment to impose strict timeouts or size limits on XML parsing operations, preventing excessive resource consumption from crafted input.", "Monitor application logs and system metrics for unusually long or repeated XML parsing attempts, and isolate or quarantine hosts exhibiting such behavior to mitigate potential denial\u2011of\u2011service attacks."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all installations of the libexpat project with the libexpat library before version 2.8.0. Any software that links against these older releases is potentially vulnerable if it processes XML input from untrusted sources.", "description_and_impact": "The libexpat library, when used in versions before 2.8.0, relies on an inadequate entropy source for its hash function. This weakness permits attackers to craft XML documents that deliberately trigger hash collisions, causing the parser to expend excessive time and resources. The primary consequence is a denial\u2011of\u2011service condition as the application becomes unresponsive or exhausts memory.\n\nThe issue stems from CWE\u2011331, which marks the failure to incorporate sufficient randomness in hash generation.", "risk_and_exploitability": "The CVSS score for this weakness is 2.9, indicating a low overall risk. The EPSS score is less than 1\u202f%, showing that the likelihood of exploitation is very low. The vulnerability is not listed in the CISA KEV catalog. Attackers would need to supply a crafted XML document to a system using the vulnerable libexpat version; the attack is predominantly a local or remote denial of service, depending on how the library is utilized."}}}}, "created": "2026-04-16T19:15:05.727881+00:00", "updated": "2026-04-28T21:45:26.135183+00:00", "vendors": ["libexpat_project", "libexpat_project$PRODUCT$libexpat"]}