vulnerability

Ubuntu: USN-7974-1 (CVE-2026-0992): libxml2 vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
2	(AV:L/AC:M/Au:N/C:N/I:N/A:P)	Jan 15, 2026	Jan 23, 2026	Jan 28, 2026

Severity

CVSS

(AV:L/AC:M/Au:N/C:N/I:N/A:P)

Published

Jan 15, 2026

Added

Jan 23, 2026

Modified

Jan 28, 2026

Description

It was discovered that libxml2 incorrectly handled maliciously crafted SGML
catalog files. An attacker could possibly use this issue to cause libxml2
to consume excessive resources, leading to a denial of service.
(CVE-2025-8732)

It was discovered that libxml2 incorrectly handled recursive include
directories with the RelaxNG parser. An attacker could possibly use this
issue to cause libxml2 to consume excessive resources, leading to a denial
of service. (CVE-2026-0989)

Nick Wellnhofer discovered that libxml2 incorrectly parsed catalogs with
self-referencing URI delegates. An attacker could possibly use this issue
to cause libxml2 to consume excessive resources, leading to a denial of
service. (CVE-2026-0990)

Nick Wellnhofer discovered that libxml2 inefficiently parsed catalogs
linked with repeating nextCatalog elements. An attacker could possibly use
this issue to cause libxml2 to use excessive resources, leading to a denial
of service. (CVE-2026-0992)

Solutions

ubuntu-pro-upgrade-libxml2ubuntu-pro-upgrade-libxml2-16

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today