CVE-2026-45186

LOW

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.

CVSS v3.1 Score

2.9

LOW

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

LOCAL

Complexity

HIGH

Privileges

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Published: 5/10/2026Modified: 5/14/2026

Related Intelligence (2)

CRITICALAi

Patch Tuesday - May 2026

Microsoft is publishing 137 vulnerabilities on May 2026 Patch Tuesday . Microsoft is not aware of exploitation in the wild or public disclosure for any of these vulnerabilities. So far this month, Microsoft has provided patches to address 133 browser vulnerabilities, which are not included in the Patch Tuesday count above. Windows Netlogon: critical RCE Anyone responsible for securing a domain con

CVE-2026-41089CVE-2020-1472

5d agoRapid7

HIGHVulnerability

NVD HIGH: CVE-2026-45186 — In libexpat before 2.8.1, the computational complexity of attribute name collisi...

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.

CVE-2026-45186

May 10, 2026NIST NVD

References (2)

https://github.com/libexpat/libexpat/pull/1216ExploitIssue Tracking http://www.openwall.com/lists/oss-security/2026/05/11/16Mailing ListThird Party Advisory