IM
IronMonkey Threat Research

CVE-2026-41080 HIGH

Published: 2026-04-16 | Last Modified: 2026-07-14 | Status: Modified

Description

libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.

CVSS Metrics

Base Score: 2.9 (LOW)

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack VectorLOCAL
Attack ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactLOW

Source: [email protected]

Type: Secondary

Exploitability Score: 1.4

Impact Score: 1.4

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-331

Affected Products

Vendor Product Version Update Type
libexpat_project libexpat * <built-in method update of dict object at 0x702bdc9f69c0> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
Notification
Message here