CVE-2026-56132
Status: Received - Intake
Heap-based Buffer Overflow in Expat XML Parser

Publication date: 2026-06-19

Last updated on: 2026-06-19

Assigner: MITRE

Description
In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.
Affected Vendors & Products
Vendor: libexpat
Product: libexpat
Version / Range: up to 2.8.2 (exclusive)
CWE-821: The product utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource.
Executive Summary

CVE-2026-56132 is a security vulnerability in the libexpat library, specifically in the doProlog function within xmlparse.c. It is a heap-based buffer overflow caused by improper handling of a buffer called scaffIndex when multiple parsers share data structures. The issue arises because the variable m_groupSize, which controls the size of the scaffIndex buffer, is reused incorrectly when sub-parsers with shallower nesting levels reallocate this shared buffer. This leads to the parent parser continuing with a buffer that is too small, causing out-of-bounds writes beyond the allocated memory.

The vulnerability occurs due to mishandling of scaffold backing array reallocation when data-structure sharing happens across parsers, resulting in memory corruption. A fix has been proposed that removes the reuse of m_groupSize for scaffIndex allocation to ensure each parser independently manages its buffer size, preventing buffer overflows.

Impact Analysis

This vulnerability can lead to a heap-based buffer overflow, which may cause memory corruption. Such memory corruption can result in application crashes, denial of service, or potentially allow an attacker to execute arbitrary code with the privileges of the affected application.

Because the vulnerability involves out-of-bounds writes in a widely used XML parsing library, any software using vulnerable versions of libexpat before 2.8.2 could be at risk if it processes untrusted XML data.

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.
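
The version boundary in the description (before 2.8.2) can still drive an inventory check. The following is an added example, not code from this advisory or from the libexpat project: it scans files for an embedded `expat_X.Y.Z` version string (assumed to be present in builds of the library, including statically linked or vendored copies) and flags versions below 2.8.2; the function names are hypothetical.

```python
"""Flag files that embed a libexpat version older than 2.8.2 (added example)."""
import re
import sys
from pathlib import Path

FIXED = (2, 8, 2)  # first fixed release, per the description above
# Assumption: the version string "expat_X.Y.Z" is stored in the binary, so it
# is also visible in statically linked or vendored copies of the library.
VERSION_RE = re.compile(rb"expat_(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?![\d.])")


def embedded_versions(blob: bytes) -> set:
    """Return every (major, minor, micro) expat version found in blob."""
    return {tuple(int(g) for g in m.groups()) for m in VERSION_RE.finditer(blob)}


def is_affected(version: tuple) -> bool:
    """Compare numerically, so that 2.10.0 is not treated as older than 2.8.2."""
    return tuple(version) < FIXED


def scan_blob(name: str, blob: bytes) -> list:
    """Return sorted (name, 'X.Y.Z') pairs for affected versions in blob."""
    return sorted((name, ".".join(map(str, v)))
                  for v in embedded_versions(blob) if is_affected(v))


def scan_tree(root: str) -> list:
    """Scan every regular file under root; unreadable files are skipped."""
    findings = []
    for path in Path(root).rglob("*"):
        try:
            if path.is_file() and not path.is_symlink():
                findings += scan_blob(str(path), path.read_bytes())
        except OSError:
            continue
    return findings


def runtime_expat() -> tuple:
    """Version of the expat library linked into this Python interpreter."""
    from xml.parsers import expat
    return tuple(expat.version_info)


if __name__ == "__main__":
    rt = runtime_expat()
    print("python runtime expat", rt, "AFFECTED" if is_affected(rt) else "ok")
    for name, ver in scan_tree(sys.argv[1]) if len(sys.argv) > 1 else []:
        print(f"{name}: embeds expat {ver} (< 2.8.2)")
```

A hit shows that an older version string is present, not that the fix is absent: distribution packages that backport the patch keep their original version number, so confirm against the vendor's changelog.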

Mitigation Strategies

To mitigate this vulnerability, you should update libexpat to version 2.8.2 or later, where the issue has been fixed by removing the reuse of the m_groupSize variable for scaffIndex allocation, preventing the heap-based buffer overflow.

Applying the patch from the approved pull request #1272 is recommended if you cannot immediately upgrade to the fixed version.
