CVE-2026-0992
Analyzed
Analyzed - Analysis Complete
BaseFortify
Vulnerability report for CVE-2026-0992, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-01-15
Last updated on: 2026-06-30
Assigner: Red Hat, Inc.
Description
Description
A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | jboss_core_services | * |
| redhat | enterprise_linux | 8.0 |
| redhat | openshift_container_platform | 4.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
| redhat | hardened_images | * |
| ibm | vios | From 4.1.0 (inc) to 4.1.1.30 (exc) |
| ibm | vios | 4.1.2.0 |
| ibm | aix | From 7.2.5 (inc) to 7.2.5.12 (exc) |
| ibm | aix | From 7.3.2 (inc) to 7.3.3.3 (exc) |
| ibm | aix | 7.3.4 |
| xmlsoft | libxml2 | to 2.15.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |