{
  "threat_severity" : "Low",
  "public_date" : "2026-04-16T16:52:01Z",
  "bugzilla" : {
    "description" : "libexpat: expat: libexpat: Denial of Service via hash flooding with crafted XML",
    "id" : "2458967",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2458967"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.7",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-331",
  "details" : [ "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing a specially crafted XML document that takes advantage of insufficient entropy in the hash function. This can lead to hash flooding, a type of Denial of Service (DoS) attack in which many crafted keys are made to collide in a hash table, so that the application parsing the document becomes unresponsive or crashes due to excessive resource consumption." ],
  "statement" : "This Low impact denial of service flaw in libexpat could allow a remote attacker to cause the program consuming libexpat to become unresponsive or crash. This vulnerability requires the processing of a specially crafted XML document, which could lead to excessive resource consumption due to hash flooding.",
  "affected_release" : [ {
    "product_name" : "Red Hat Hardened Images",
    "release_date" : "2026-04-27T00:00:00Z",
    "advisory" : "RHSA-2026:11004",
    "cpe" : "cpe:/a:redhat:hummingbird:1",
    "package" : "expat-main-2.8.0-0.1.hum1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "expat",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Fix deferred",
    "package_name" : "compat-expat1",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Fix deferred",
    "package_name" : "expat",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "expat",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "expat",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "mingw-expat",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "expat",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-41080\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-41080\nhttps://github.com/libexpat/libexpat/issues/47\nhttps://github.com/libexpat/libexpat/pull/1183" ],
  "name" : "CVE-2026-41080",
  "mitigation" : {
    "value" : "Applications that process untrusted XML documents using libexpat should validate input before it reaches the parser, so that malicious XML structures are filtered out. Restricting access to services that process untrusted XML can also reduce the attack surface. An affected service may need to be restarted after input validation or access restrictions are put in place. These measures only reduce exposure; the flaw is present in libexpat before 2.8.0, so updating to a fixed package remains the remedy where one is available.",
    "lang" : "en:us"
  },
  "csaw" : false
}