GHSA-fpqv-cr66-h6pcLowCVSS 2.9
libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted...
🔗 CVE IDs covered (1)
📋 Description
libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
🔗 References (8)
- https://nvd.nist.gov/vuln/detail/CVE-2026-41080
- https://github.com/libexpat/libexpat/issues/47
- https://github.com/libexpat/libexpat/pull/1183
- http://www.openwall.com/lists/oss-security/2026/04/26/1
- https://blog.hartwork.org/posts/expat-2-8-0-released
- https://www.openwall.com/lists/oss-security/2026/04/26/1
- https://cert-portal.siemens.com/productcert/html/ssa-082556.html
- https://github.com/advisories/GHSA-fpqv-cr66-h6pc