CVE-2026-45186

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.

low 2.9 CVSS 3.1

Published: May 10, 2026

Modified: May 10, 2026

Description

References

https://github.com/libexpat/libexpat/pull/1216

Version	3.1
Score	2.9 / 10
Severity	low