93 matches found
BIT-PYTHON-MIN-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch...
CVE-2026-7210
A flaw was found in the python and expat components. Insufficient entropy in the hash-flooding protection mechanism of xml.parsers.expat and xml.etree.ElementTree allows a remote attacker to craft a malicious XML document. This crafted document can trigger a hash flooding attack, leading to a...
OESA-2026-2499 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before version 2.7.6 uses insufficient entropy, allowing attackers to cause hash flooding via a crafted XML...
OESA-2026-2498 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before version 2.7.6 uses insufficient entropy, allowing attackers to cause hash flooding via a crafted XML...
Low: thunderbird
Issue Overview: libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. CVE-2026-41080 Affected Packages: thunderbird Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL...
Low: firefox
Issue Overview: libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. CVE-2026-41080 Affected Packages: firefox Note: This advisory is applicable to Amazon Linux 2 - Firefox Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extra...
Amazon Linux 2023 : firefox (ALAS2023-2026-1706)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1706 advisory. libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. CVE-2026-41080 Tenable has extracted the preceding description block directly from the test...
OESA-2026-2295 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.CVE-2026-41080...
OESA-2026-2294 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.CVE-2026-41080...
OESA-2026-2293 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.CVE-2026-41080...
Low: firefox
Issue Overview: libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. CVE-2026-41080 Affected Packages: firefox Issue Correction: Run dnf update firefox --releasever 2023.11.20260514 or dnf update --advisory ALAS2023-2026-1706 --releasever...
Linux Distros Unpatched Vulnerability : CVE-2026-7210
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash...
EUVD-2026-29178
xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch...
CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch...
CVE-2026-7210
xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch...
PSF-2026-23
xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch...
CVE-2026-7210
xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch...
PT-2026-39722
Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description The xml.parsers.expat and xml.etree.ElementTree modules use insufficient entropy for Expat hash-flooding protection. This allows a specially crafted XML document to trigger hash flooding, a...
FreeBSD : (lib)expat -- Insufficient entropy (88440f1d-4168-11f1-95f7-00a098b42aeb)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 88440f1d-4168-11f1-95f7-00a098b42aeb advisory. https://github.com/libexpat/libexpat/pull/1183 reports: libexpat before 2.8.0 uses insufficient entropy...
SUSE CVE-2026-41080
libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document...