CVE-2026-6653

Summary

Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper entity resolution handling.

Affected Software

VendorProductVersion RangeStatus
GNOMElibxml22.9.11 < 2.11.0affected

Weaknesses

  • CWE-416: CWE-416 Use after free
  • CWE-611: CWE-611 Improper Restriction of XML External Entity Processing

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References