CVE-2026-32777

MEDIUM

libexpat < 2.7.5 - Denial of Service via Infinite Loop in DTD Parsing

Title source: llm
STIX 2.1

Description

libexpat before 2.7.5 allows an infinite loop while parsing DTD content.

References (4)

Core 4

Scores

CVSS v3 4.0
EPSS 0.0021
EPSS Percentile 11.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-835
Status published
Products (2)
libexpat project/libexpat < 2.7.5
libexpat_project/libexpat < 2.7.5
Published Mar 16, 2026
Tracked Since Mar 16, 2026