{“lastseen”:””,”description”:”A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested \\u003cinclude\\u003e directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.”,”published”:”2026-01-15T14:20:23.274Z”,”modified”:”2026-01-15T14:20:23.274Z”,”type”:”cve”,”title”:”Libxml2: unbounded relaxng include recursion leading to stack overflow”,”source”:”redhat”,”references”:”https:\/\/access.redhat.com\/security\/cve\/CVE-2026-0989\\nhttps:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2429933″,”id”:”CVE-2026-0989″,”bulletinFamily”:””,”cwe”:[“CWE-674″],”cvelist”:null,”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:3.7,”severity”:”LOW”,”vector”:”CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:L”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Red Hat Enterprise Linux 10″,”version”:””,”vendor”:”Red Hat”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,145,12,71,13,7,11,5],"class_list":["post-35790","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-37","tag-exploit","tag-low","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n