Description
A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.
Published: 2026-01-15
Score: 3.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via stack exhaustion due to unbounded RelaxNG include recursion
Action: Apply Workaround
AI Analysis

Impact

libxml2's RelaxNG parser processes nested <include> directives without limiting recursion depth, allowing specially crafted or deeply nested schemas to trigger stack exhaustion. The resulting overflow causes the calling application to crash, leading to a denial-of-service condition. The weakness corresponds to CWE-674, which describes uncontrolled recursion. This flaw does not provide code execution or data disclosure but can disrupt availability of any service that parses untrusted RelaxNG schemas.

Affected Systems

The vulnerability affects multiple Red Hat products that bundle libxml2, including Red Hat Enterprise Linux releases 6 through 10, Red Hat Hardened Images, Red Hat JBoss Core Services, and Red Hat OpenShift Container Platform 4. The specific libxml2 version in use is not listed, but any installation of libxml2 on the affected Red Hat platforms is potentially susceptible.

Risk and Exploitability

With a CVSS score of 3.7, the vulnerability represents a low severity risk. The EPSS score of less than 1% indicates an extremely low likelihood of exploitation. The CVE is not currently listed in the CISA KEV catalog. The likely attack vector involves an adversary supplying a malicious RelaxNG schema file to an application that processes such schemas with libxml2. No elevated privileges, network access, or local compromise are required beyond the ability to deliver an untrusted schema to the vulnerable process. If exploited, the outcome is a crash of the target application, which may affect service availability.

Generated by OpenCVE AI on April 15, 2026 at 16:40 UTC.

Remediation

Vendor Workaround

To mitigate this issue, restrict applications using libxml2 from processing untrusted RelaxNG schema files. Implement strict input validation and sanitization for all RelaxNG schema inputs to prevent the parsing of maliciously crafted, deeply nested include directives.


OpenCVE Recommended Actions

  • Restrict applications from processing untrusted RelaxNG schema files
  • Implement strict input validation and sanitization for all RelaxNG schema inputs to prevent maliciously crafted nested includes
  • Upgrade to the latest libxml2 release that limits recursion depth, once a vendor patch is available
  • If a patch is not yet available, isolate services that parse external schemas or disable schema parsing for untrusted inputs
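Added example, not part of the OpenCVE record or of libxml2 itself: a depth-capped pre-check of a schema's <include> chain that implements the input validation called for in the vendor workaround and the recommended actions above. The `fetch` callback, the depth cap of 8, and the in-memory sample schemas are assumptions constructed for the example.

```python
# Hypothetical defensive pre-filter (not libxml2 code): walk a RelaxNG schema's
# <include> chain with an explicit depth cap and cycle check, and reject it
# before libxml2 ever recurses into an unbounded include tree.
import xml.etree.ElementTree as ET

RNG_NS = "http://relaxng.org/ns/structure/1.0"
INCLUDE_TAG = "{%s}include" % RNG_NS
MAX_INCLUDE_DEPTH = 8  # assumption: generous for real schemas, far below stack limits


class SchemaRejected(ValueError):
    """Schema exceeds the include depth cap, includes itself, or is malformed."""


def check_include_depth(name, fetch, max_depth=MAX_INCLUDE_DEPTH, _depth=0, _chain=()):
    """Return the deepest include level reached under schema `name`.

    `fetch(href)` returns schema text for an href; in production it must resolve
    only inside an allow-listed schema directory.  Unlike the parser described
    on the page, recursion here stops at `max_depth`.
    """
    if name in _chain:
        raise SchemaRejected("include cycle: " + " -> ".join(_chain + (name,)))
    if _depth > max_depth:
        raise SchemaRejected("include depth %d exceeds limit %d" % (_depth, max_depth))
    root = ET.fromstring(fetch(name))
    deepest = _depth
    for inc in root.iter(INCLUDE_TAG):
        href = inc.get("href")
        if not href:
            raise SchemaRejected("%s: <include> without href" % name)
        deepest = max(deepest, check_include_depth(
            href, fetch, max_depth, _depth + 1, _chain + (name,)))
    return deepest


def is_safe_to_parse(name, files, max_depth=MAX_INCLUDE_DEPTH):
    """True if schema `name` (resolved via the in-memory `files` map) stays within the cap."""
    try:
        check_include_depth(name, files.__getitem__, max_depth)
        return True
    except (SchemaRejected, ET.ParseError, KeyError):
        return False


def make_include_chain(n):
    """Constructed sample: rng0 includes rng1 ... which includes rng{n} (n nested includes)."""
    files = {}
    for i in range(n + 1):
        body = '<include href="rng%d"/>' % (i + 1) if i < n else "<start><empty/></start>"
        files["rng%d" % i] = '<grammar xmlns="%s">%s</grammar>' % (RNG_NS, body)
    return files
```

Only schemas that pass `is_safe_to_parse` should be handed to libxml2; the cap bounds the pre-check's own recursion as well, so a hostile chain is refused at depth 9 instead of being followed.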

Advisories
  Source: Ubuntu USN   ID: USN-7974-1   Title: libxml2 vulnerabilities

History

Wed, 22 Apr 2026 09:45:00 +0000
  Type: References

Thu, 09 Apr 2026 18:15:00 +0000
  Type: First Time appeared   Values Added: Redhat hummingbird
  Type: CPEs                  Values Added: cpe:/a:redhat:hummingbird:1
  Type: Vendors & Products    Values Added: Redhat hummingbird
  Type: References

Fri, 16 Jan 2026 00:15:00 +0000
  Type: References
  Type: Metrics (threat_severity)   Values Removed: None   Values Added: Low

Thu, 15 Jan 2026 17:15:00 +0000
  Type: Metrics (ssvc)   Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 15 Jan 2026 14:30:00 +0000
  Type: Description          Values Added: the vulnerability description shown at the top of this record
  Type: Title                Values Added: Libxml2: unbounded relaxng include recursion leading to stack overflow
  Type: First Time appeared  Values Added: Redhat; Redhat enterprise Linux; Redhat jboss Core Services; Redhat openshift
  Type: Weaknesses           Values Added: CWE-674
  Type: CPEs                 Values Added:
    cpe:/a:redhat:jboss_core_services:1
    cpe:/a:redhat:openshift:4
    cpe:/o:redhat:enterprise_linux:10
    cpe:/o:redhat:enterprise_linux:6
    cpe:/o:redhat:enterprise_linux:7
    cpe:/o:redhat:enterprise_linux:8
    cpe:/o:redhat:enterprise_linux:9
  Type: Vendors & Products   Values Added: Redhat; Redhat enterprise Linux; Redhat jboss Core Services; Redhat openshift
  Type: References
  Type: Metrics (cvssV3_1)   Values Added: {'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L'}

MITRE
  Status: PUBLISHED
  Assigner: redhat
  Published:
  Updated: 2026-04-22T09:31:01.948Z
  Reserved: 2026-01-15T12:38:51.419Z
  Link: CVE-2026-0989

Vulnrichment
  Updated: 2026-01-15T16:39:30.668Z

NVD
  Status: Deferred
  Published: 2026-01-15T15:15:52.350
  Modified: 2026-04-15T00:35:42.020
  Link: CVE-2026-0989

Redhat
  Severity: Low
  Public Date: 2026-01-15T00:00:00Z
  Links: CVE-2026-0989 - Bugzilla

OpenCVE Enrichment
  Updated: 2026-04-15T18:15:10Z

Weaknesses