← Back

CVE-2026-56131

nvd nist
Published: Jun 19, 2026Modified: Jun 23, 2026

JSON object

Loading...
4.9
Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 1.4 / Impact: 3.4
Source: MITRE (Secondary)

Description

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219 situation).

Affected (1)

Libexpat
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Before 2.8.2

References (1)

Timeline

No history available yet.