{"id":"USN-8520-1","summary":"expat vulnerability","details":"It was discovered that Expat used insufficient entropy when generating\nhash salt values for its internal hash table. An attacker could use this\nto craft an XML document that triggers hash flooding, leading to a\ndenial of service.","modified":"2026-07-09T21:44:27.849140103Z","published":"2026-07-09T11:51:02Z","related":["UBUNTU-CVE-2026-41080"],"upstream":["CVE-2026-41080","UBUNTU-CVE-2026-41080"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8520-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-41080"}],"affected":[{"package":{"name":"expat","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/expat?arch=source&distro=esm-infra-legacy%2Fxenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.0-7ubuntu0.16.04.5+esm12"}]}],"versions":["2.1.0-7","2.1.0-7ubuntu0.16.04.1","2.1.0-7ubuntu0.16.04.2","2.1.0-7ubuntu0.16.04.3","2.1.0-7ubuntu0.16.04.4","2.1.0-7ubuntu0.16.04.5","2.1.0-7ubuntu0.16.04.5+esm2","2.1.0-7ubuntu0.16.04.5+esm5","2.1.0-7ubuntu0.16.04.5+esm6","2.1.0-7ubuntu0.16.04.5+esm7","2.1.0-7ubuntu0.16.04.5+esm8","2.1.0-7ubuntu0.16.04.5+esm9","2.1.0-7ubuntu0.16.04.5+esm10","2.1.0-7ubuntu0.16.04.5+esm11"],"ecosystem_specific":{"binaries":[{"binary_name":"expat","binary_version":"2.1.0-7ubuntu0.16.04.5+esm12"},{"binary_version":"2.1.0-7ubuntu0.16.04.5+esm12","binary_name":"lib64expat1"},{"binary_version":"2.1.0-7ubuntu0.16.04.5+esm12","binary_name":"libexpat1"}],"availability":"Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2026-41080","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8520-1.json"}}],"schema_version":"1.7.5"}