CVE-2026-56412: CWE-416 Use After Free in libexpat project libexpat
A use-after-free vulnerability exists in libexpat versions before 2.8.2 due to improper handling of XML_TOK_DATA_CHARS in the doCdataSection function. This issue arises from incomplete handler call depth tracking when policy violations occur, leading to potential memory corruption. It is a follow-up to an earlier incomplete fix for CVE-2026-50219. The vulnerability has a medium severity rating with a CVSS score of 4.9.
AI Analysis
Technical Summary
The libexpat XML parsing library before version 2.8.2 does not properly handle XML_TOK_DATA_CHARS tokens within the doCdataSection function. This results in missing handler call depth tracking for certain calls triggered by policy violations, which can cause a use-after-free condition. This vulnerability is a consequence of an incomplete fix for a previous issue identified as CVE-2026-50219. Exploitation could lead to limited confidentiality, integrity, and availability impacts as indicated by the CVSS vector.
Potential Impact
Successful exploitation of this use-after-free vulnerability could allow an attacker with local access and high attack complexity to cause limited information disclosure, data modification, or denial of service. The CVSS vector indicates no privileges required and no user interaction, but the attack complexity is high and the attack vector is local, limiting the ease of exploitation.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or patch information is currently available. Users should monitor libexpat project advisories for updates and apply patches once released. Until then, avoid processing untrusted XML data with affected versions if possible.
CVE-2026-56412: CWE-416 Use After Free in libexpat project libexpat
Description
A use-after-free vulnerability exists in libexpat versions before 2.8.2 due to improper handling of XML_TOK_DATA_CHARS in the doCdataSection function. This issue arises from incomplete handler call depth tracking when policy violations occur, leading to potential memory corruption. It is a follow-up to an earlier incomplete fix for CVE-2026-50219. The vulnerability has a medium severity rating with a CVSS score of 4.9.
CVSS v3.1
Score 4.9medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The libexpat XML parsing library before version 2.8.2 does not properly handle XML_TOK_DATA_CHARS tokens within the doCdataSection function. This results in missing handler call depth tracking for certain calls triggered by policy violations, which can cause a use-after-free condition. This vulnerability is a consequence of an incomplete fix for a previous issue identified as CVE-2026-50219. Exploitation could lead to limited confidentiality, integrity, and availability impacts as indicated by the CVSS vector.
Potential Impact
Successful exploitation of this use-after-free vulnerability could allow an attacker with local access and high attack complexity to cause limited information disclosure, data modification, or denial of service. The CVSS vector indicates no privileges required and no user interaction, but the attack complexity is high and the attack vector is local, limiting the ease of exploitation.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or patch information is currently available. Users should monitor libexpat project advisories for updates and apply patches once released. Until then, avoid processing untrusted XML data with affected versions if possible.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-06-21T15:58:58.955Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a3813d0eed863c81e111ff9
Added to database: 06/21/2026, 16:39:44 UTC
Last enriched: 06/21/2026, 16:54:07 UTC
Last updated: 06/22/2026, 00:52:47 UTC
Views: 14
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.