CVE-2026-32777 - Vulnerability Analysis
Medium
CVSS: 4.0
Last Updated: March 17, 2026
libexpat - Denial of Service
Published: March 16, 2026
Updated: March 17, 2026
PoC Available
Overview
libexpat versions before 2.7.5 contain a denial-of-service vulnerability caused by an infinite loop while parsing DTD content. An attacker can cause the application to hang. Exploitation requires crafted XML input.
Severity & Score
Severity: Medium
CVSS Score: 4.0
Impact
Attackers can cause the application to hang, resulting in denial of service.
Mitigation
Update to version 2.7.5 or later.
Details
- CVE ID: CVE-2026-32777
- Severity: Medium
- CVSS Score: 4.0
- Type: xml_external_entity_injection
- Status: confirmed
CWE
- CWE-835
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L