vulnerability context

CVE-2026-56132

CVSS 6.9 MEDIUM · EPSS 0.5% · CWE-821 · OTX 5 pulses

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.

Published 2026-06-19 · last modified 2026-06-23

details

CISA KEV status
Not in catalog
CVSS v3
6.9 / MEDIUM
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
EPSS
0.5% percentile (score 0.0009)
CWE
CWE-821
OTX pulses
5 total, 0 recent

source mentions 2

source consensus

  • Bluesky
  • MSRC Update Guide