CVE-2026-0989

LOW

libxml2 - DoS

Title source: llm

Description

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.

References (2)

[Vendor Advisory] https://access.redhat.com/security/cve/CVE-2026-0989

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=2429933

Scores

CVSS v3 3.7

EPSS 0.0002

EPSS Percentile 4.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Classification

CWE

CWE-674

Status draft

Timeline

Published Jan 15, 2026

Tracked Since Feb 18, 2026