CVE-2026-1757
Memory Leak in xmllint Interactive Shell Causes DoS
Publication date: 2026-02-02
Last updated on: 2026-04-22
Assigner: Red Hat, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnome | libxml2 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory leak in the xmllint interactive shell of the libxml2 library. When a user inputs only whitespace characters, the program skips executing the command but fails to free the allocated memory buffer. Repeating this causes memory to accumulate continuously, eventually exhausting system memory and causing the xmllint process to terminate. [1]
How can this vulnerability impact me?
The vulnerability can lead to a denial-of-service (DoS) condition on the local system by exhausting system memory. An attacker with local access to the xmllint interactive shell can exploit this by repeatedly submitting whitespace-only inputs, causing the xmllint process to crash due to out-of-memory conditions, potentially disrupting services relying on this utility. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the memory usage of the xmllint process when interacting with its shell. Specifically, repeated submission of whitespace-only input lines to the xmllint interactive shell will cause increasing memory consumption. You can detect this by running xmllint in interactive mode and observing its memory usage with commands like 'top', 'htop', or 'ps aux | grep xmllint'. For example, repeatedly input whitespace-only lines in the xmllint shell and watch for memory growth. There are no specific network detection commands since this is a local vulnerability requiring local shell access. [1]
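One way to automate the memory check described above, as an added example that is not part of the original page or of libxml2: it samples the resident memory of running xmllint processes with `ps` and flags any whose usage never drops and grows past a threshold. The function names, the 10240 KiB threshold and the sample series at the end are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: flag xmllint processes whose resident memory keeps growing.
# Function names and thresholds are illustrative assumptions, not from the advisory.

# rss_kib PID -> prints the resident set size in KiB (empty if the process is gone)
rss_kib() {
    ps -o rss= -p "$1" 2>/dev/null | tr -d ' '
}

# growth_verdict MIN_GROWTH_KIB SAMPLE...
# Prints "leak-suspect" when the samples never decrease and the total growth
# is at least MIN_GROWTH_KIB, "ok" otherwise, "insufficient-data" below 3 samples.
growth_verdict() {
    min_growth=$1; shift
    [ "$#" -ge 3 ] || { echo "insufficient-data"; return 0; }
    first=$1; prev=$1; shift
    for s in "$@"; do
        [ "$s" -ge "$prev" ] || { echo "ok"; return 0; }   # memory was released at some point
        prev=$s
    done
    if [ $((prev - first)) -ge "$min_growth" ]; then
        echo "leak-suspect"
    else
        echo "ok"
    fi
}

# watch_xmllint INTERVAL_SECONDS COUNT MIN_GROWTH_KIB, e.g. watch_xmllint 5 6 10240
watch_xmllint() {
    interval=$1; count=$2; min_growth=$3
    for pid in $(pgrep -x xmllint); do
        samples=""; i=0
        while [ "$i" -lt "$count" ]; do
            r=$(rss_kib "$pid"); [ -n "$r" ] || break      # process exited
            samples="$samples $r"
            i=$((i + 1)); sleep "$interval"
        done
        # $samples is left unquoted on purpose so each value becomes one argument
        echo "pid=$pid samples=[$samples ] verdict=$(growth_verdict "$min_growth" $samples)"
    done
}

# Constructed RSS series (KiB) standing in for real measurements:
growth_verdict 10240 9800 15400 21100 26900 32500   # steadily growing
growth_verdict 10240 9800 9900 9750 9820            # stable
```

A "leak-suspect" verdict only shows sustained growth; confirm it against the session's input before attributing it to this issue.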
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the xmllint interactive shell with inputs consisting solely of whitespace, as this triggers the memory leak. Restrict local access to the xmllint interactive shell to trusted users only. Additionally, update or patch the libxml2 package to a version where this vulnerability is fixed once available. Until then, monitor xmllint processes for abnormal memory usage and consider restarting them if memory consumption grows unexpectedly. [1]