FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

(lib)expat -- Insufficient entropy

Affected packages
expat < 2.8.0

Details

VuXML ID 88440f1d-4168-11f1-95f7-00a098b42aeb
Discovery 2026-04-16
Entry 2026-04-26

https://github.com/libexpat/libexpat/pull/1183 reports:

libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.

[source]

References

CVE Name CVE-2026-41080
URL https://cveawg.mitre.org/api/cve/CVE-2026-41080

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.