VDB

CISA-2026-0992

CISA-2026-0992 PUBLISHED CVSS 2.9 LOW

Reported by redhat · Published January 15, 2026

A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.

Risk Scores

CVSS 3.1
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products

VendorProductVersions
Red HatRed Hat Enterprise Linux 10
Red HatRed Hat Enterprise Linux 6
Red HatRed Hat Enterprise Linux 7
Red HatRed Hat Enterprise Linux 8
Red HatRed Hat Enterprise Linux 9
Red HatRed Hat JBoss Core Services
Red HatRed Hat OpenShift Container Platform 4
Red HatRed Hat Enterprise Linux 8
Red HatRed Hat JBoss Core Services
Red HatRed Hat Enterprise Linux 9
Red HatRed Hat Enterprise Linux 6
Red HatRed Hat OpenShift Container Platform 4
Red HatRed Hat Enterprise Linux 10
Red HatRed Hat Enterprise Linux 7

Timeline

  • Jan 15, 2026 CVE Published
  • Jan 15, 2026 CVE Updated

References

  • vdb-entryx_refsource_REDHAT
  • RHBZ#2429975 issue-trackingx_refsource_REDHAT
Open in Interactive Console →
$ Console Community · 100/wk Open console ›