vulnerability context

CVE-2026-56412

CVSS 4.9 MEDIUM · EPSS 1.3% · CWE-416 · OTX 7 pulses

libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219.

Published 2026-06-21 · last modified 2026-06-23

details

CISA KEV status: Not in catalog
CVSS v3: 4.9 / MEDIUM
CVSS vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS: 1.3% percentile (score 0.0010)
CWE: CWE-416
OTX pulses: 7 total, 0 recent

source mentions 2

source consensus

  • Bluesky