CVE-2026-0990
Analyzed
Analyzed - Analysis Complete
BaseFortify
Vulnerability report for CVE-2026-0990, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-01-15
Last updated on: 2026-06-30
Assigner: Red Hat, Inc.
Description
Description
A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | jboss_core_services | * |
| redhat | enterprise_linux | 8.0 |
| redhat | openshift_container_platform | 4.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
| redhat | hardened_images | * |
| ibm | vios | From 4.1.0 (inc) to 4.1.1.30 (exc) |
| ibm | vios | 4.1.2.0 |
| ibm | aix | From 7.2.5 (inc) to 7.2.5.12 (exc) |
| ibm | aix | From 7.3.2 (inc) to 7.3.3.3 (exc) |
| ibm | aix | 7.3.4 |
| xmlsoft | libxml2 | to 2.15.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-674 | The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack. |