Resource Consumption Vulnerability in libxml2 Library Affecting Red Hat
CVE-2026-0992
2.9 LOW
What is CVE-2026-0992?
A flaw in the libxml2 library presents an uncontrolled resource consumption vulnerability that occurs when processing XML catalogs with repeated elements that reference the same downstream catalog. An attacker can exploit this flaw by providing specially crafted XML catalogs, inducing the parser to redundantly process catalog chains. This can lead to significant CPU consumption, severely degrading the availability of the affected applications and potentially resulting in a denial-of-service scenario.
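The pattern described above can be checked for in a catalog file before a parser loads it. The following is an added example, not code from libxml2 or Red Hat: it counts entries in one catalog that hand off to the same downstream catalog after URI resolution. It assumes the chaining elements are those of the OASIS XML Catalogs format (nextCatalog and the delegate elements); the function name, sample catalog and file paths are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter
from urllib.parse import urljoin

XML_BASE = "{http://www.w3.org/XML/1998/namespace}base"
# Assumption: OASIS XML Catalogs elements that hand resolution to another
# catalog file, with the attribute (if any) that scopes the hand-off.
CHAINING = {
    "nextCatalog": None,
    "delegatePublic": "publicIdStartString",
    "delegateSystem": "systemIdStartString",
    "delegateURI": "uriStartString",
}

def repeated_downstream(catalog_xml, catalog_uri):
    """Return {(element, scope, resolved URI): count} for entries seen more than once."""
    seen = Counter()

    def walk(node, base):
        # xml:base changes how relative catalog URIs below this node resolve.
        base = urljoin(base, node.get(XML_BASE, ""))
        name = node.tag.rsplit("}", 1)[-1]          # drop the namespace
        target = node.get("catalog")
        if name in CHAINING and target:
            scope = node.get(CHAINING[name]) if CHAINING[name] else None
            # Resolve first so "x.xml" and "./x.xml" count as the same file.
            seen[(name, scope, urljoin(base, target))] += 1
        for child in node:                          # <group> can nest entries
            walk(child, base)

    walk(ET.fromstring(catalog_xml), catalog_uri)
    return {key: n for key, n in seen.items() if n > 1}

# Constructed sample: three nextCatalog spellings of one downstream catalog.
# The two delegatePublic entries differ in prefix, so they are not repeats.
SAMPLE = """<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">
  <nextCatalog catalog="docbook.xml"/>
  <group><nextCatalog catalog="./docbook.xml"/></group>
  <nextCatalog catalog="file:///etc/xml/docbook.xml"/>
  <nextCatalog catalog="other.xml"/>
  <delegatePublic publicIdStartString="-//A//" catalog="docbook.xml"/>
  <delegatePublic publicIdStartString="-//B//" catalog="docbook.xml"/>
</catalog>"""

if __name__ == "__main__":
    hits = repeated_downstream(SAMPLE, "file:///etc/xml/catalog")
    for (name, scope, uri), n in hits.items():
        print(f"{name} -> {uri} listed {n} times")
```

The check covers a single catalog file and does not follow the chain into downstream catalogs.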
CVSS V3.1
Score: 2.9
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank Nick Wellnhofer for reporting this issue.