{"api_version":"1","generated_at":"2026-04-09T20:35:45+00:00","cve":"CVE-2026-0989","urls":{"html":"https://cve.report/CVE-2026-0989","api":"https://cve.report/api/cve/CVE-2026-0989.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-0989","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-0989"},"summary":{"title":"Libxml2: unbounded relaxng include recursion leading to stack overflow","description":"A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.","state":"PUBLISHED","assigner":"redhat","published_at":"2026-01-15 15:15:52","updated_at":"2026-04-09 18:16:43"},"problem_types":["CWE-674","CWE-674 Uncontrolled Recursion"],"metrics":[{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"3.7","severity":"LOW","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"3.7","severity":"LOW","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":3.7,"baseSeverity":"LOW","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","version":"3.1"}}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-0989","name":"https://access.redhat.com/security/cve/CVE-2026-0989","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/998","name":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/998","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429933","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2429933","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-0989","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0989","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Hardened Images","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Core Services","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","version":"","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-01-15T12:36:12.129Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2026-01-15T00:00:00.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"To mitigate this issue, restrict applications using libxml2 from processing untrusted RelaxNG schema files. Implement strict input validation and sanitization for all RelaxNG schema inputs to prevent the parsing of maliciously crafted, deeply nested include directives.","time":"","lang":"en"}],"exploits":[],"credits":[{"source":"CNA","value":"Red Hat would like to thank lanbigking for reporting this issue.","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-0989","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-01-15T16:31:12.583434Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-01-15T16:39:34.311Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10"],"defaultStatus":"affected","packageName":"libxml2","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"affected","packageName":"libxml2","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"affected","packageName":"libxml2","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"affected","packageName":"libxml2","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"affected","packageName":"libxml2","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:hummingbird:1"],"defaultStatus":"affected","packageName":"libxml2","product":"Red Hat Hardened Images","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","cpes":["cpe:/a:redhat:jboss_core_services:1"],"defaultStatus":"affected","packageName":"libxml2","product":"Red Hat JBoss Core Services","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4","vendor":"Red Hat"}],"credits":[{"lang":"en","value":"Red Hat would like to thank lanbigking for reporting this issue."}],"datePublic":"2026-01-15T00:00:00.000Z","descriptions":[{"lang":"en","value":"A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Low"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":3.7,"baseSeverity":"LOW","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-674","description":"Uncontrolled Recursion","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-09T18:04:27.028Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-0989"},{"name":"RHBZ#2429933","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429933"},{"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/998"}],"timeline":[{"lang":"en","time":"2026-01-15T12:36:12.129Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-01-15T00:00:00.000Z","value":"Made public."}],"title":"Libxml2: unbounded relaxng include recursion leading to stack overflow","workarounds":[{"lang":"en","value":"To mitigate this issue, restrict applications using libxml2 from processing untrusted RelaxNG schema files. Implement strict input validation and sanitization for all RelaxNG schema inputs to prevent the parsing of maliciously crafted, deeply nested include directives."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-674: Uncontrolled Recursion"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2026-0989","datePublished":"2026-01-15T14:20:23.274Z","dateReserved":"2026-01-15T12:38:51.419Z","dateUpdated":"2026-04-09T18:04:27.028Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-01-15 15:15:52","lastModifiedDate":"2026-04-09 18:16:43","problem_types":["CWE-674","CWE-674 Uncontrolled Recursion"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"989","Ordinal":"1","Title":"Libxml2: unbounded relaxng include recursion leading to stack ov","CVE":"CVE-2026-0989","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"989","Ordinal":"1","NoteData":"A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.","Type":"Description","Title":"Libxml2: unbounded relaxng include recursion leading to stack ov"}]}}}