Infinite Loop in libexpat <2.7.5 DTD Parsing: CVE-2026-32777 March 2026

libexpat before 2.7.5 allows an infinite loop while parsing DTD content.

Vulnerability Analysis

CVE-2026-32777 can be exploited with local system access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

LOW

Weakness Type

What is an Infinite Loop Vulnerability?

The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. If the loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory.

CVE-2026-32777 has been classified to as an Infinite Loop vulnerability or weakness.

Infinite Loop in libexpat <2.7.5 DTD Parsing
CVE-2026-32777 Published on March 16, 2026

Vulnerability Analysis

Weakness Type

What is an Infinite Loop Vulnerability?

Affected Versions

Infinite Loop in libexpat <2.7.5 DTD ParsingCVE-2026-32777 Published on March 16, 2026

Vulnerability Analysis

Weakness Type

What is an Infinite Loop Vulnerability?

Affected Versions

Infinite Loop in libexpat <2.7.5 DTD Parsing
CVE-2026-32777 Published on March 16, 2026