CVE-2026-56132

Summary

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.

Affected Software

VendorProductVersion RangeStatus
libexpat projectlibexpat0 < 2.8.2affected

Weaknesses

  • CWE-821: CWE-821 Incorrect Synchronization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References