CVE-2026-0989

low

Red Hat

CVSS v3 Base Score

3.7

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Score

0.0%

Exploitation probability in 30 days

Top 95% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Confidentiality

None

Integrity

None

Availability

Low

Published: January 15, 2026 (120 days ago)

Last Modified: January 15, 2026

Vendor: Red Hat

Description

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.

CWE

CWE-674

Affected Products

Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat JBoss Core ServicesRed Hat OpenShift Container Platform 4

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov

CVE-2026-0989

Vulnerability Report

Description

CWE

Affected Products

References