LOW
libexpat project
CVE published 2026-05-10
CVE-2026-45186
CVE-2026-45186 is a low-severity denial-of-service issue in libexpat before 2.8.1. According to the CVE description, the problem is a computational-complexity weakness in attribute name collision checks, which can let crafted XML input consume excessive processing time and disrupt availability.