{"id":"AZL-74778","summary":"CVE-2026-0992 affecting package libxml2 for versions less than 2.10.4-10","details":"A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated \u003cnextCatalog\u003e elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.","modified":"2026-04-21T04:38:47.908952Z","published":"2026-01-15T15:15:52Z","upstream":["CVE-2026-0992"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0992"}],"affected":[{"package":{"name":"libxml2","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/libxml2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.10.4-10"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74778.json"}}],"schema_version":"1.7.5"}