CVE-2026-41080

LOW

2.9CVSS v3

—CVSS v2

0.01% EPSS (exploit probability)

CWE-331CWE

Description

libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.

CVSS v3 vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

No routers currently mapped to this CVE in our database.