CVE-2026-56406
Status: Received (intake)
Integer Overflow in Expat XML Parser

Publication date: 2026-06-21

Last updated on: 2026-06-21

Assigner: MITRE

Description
libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.
CVSS Scores
None listed on this page; the AI summary below cites a base score of 6.9 without a vector.
EPSS Scores
Not evaluated (N/A).
Affected Vendors & Products
Vendor: libexpat
Product: libexpat
Version / Range: all versions before 2.8.2 (2.8.2 itself contains the fix and is excluded)
CWE ID Description
CWE-190 (Integer Overflow or Wraparound): The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Executive Summary

This vulnerability is an integer overflow in libexpat versions before 2.8.2. The streaming entry point XML_ParseBuffer lacked a length check that XML_Parse already performed, so a sufficiently large len argument could overflow the parser's internal arithmetic while parsing XML data.

The root cause is that XML_ParseBuffer did not validate its len parameter against the maximum that XML_Parse enforces. An unbounded length then feeds buffer and offset calculations that assume it is bounded, which is the CWE-190 pattern: the computed value wraps and later memory handling trusts it.

The fix copies the missing overflow check from XML_Parse into XML_ParseBuffer: if len exceeds the safe limit, the parser sets an error and returns instead of processing the input. It follows from the description that callers streaming data through XML_GetBuffer and XML_ParseBuffer directly were the exposed path, since calls routed through XML_Parse were already covered by its own check.

Impact Analysis

The overflow can corrupt memory during XML parsing, so the practical impact is a memory-safety failure in any process that parses attacker-influenced data through the affected entry point.

The cited CVSS score of 6.9 rates the impact as high for confidentiality and integrity and low for availability.

  • An attacker with local access could trigger the overflow to make the application misbehave or, in the worst case, execute arbitrary code.
  • Crashes or data corruption in applications that rely on libexpat for XML parsing are the more likely outcomes.
Mitigation Strategies

To mitigate the integer overflow in libexpat before version 2.8.2, update libexpat to 2.8.2 or later, where the check is in place.

The fix adds to XML_ParseBuffer the same overflow check XML_Parse performs: the len parameter is validated and an error is set if the limit is exceeded. Two practical caveats: libexpat is frequently vendored or statically linked into applications and language runtimes, so updating the system package does not reach those copies and each such component needs its own rebuild; and until an upgrade is possible, code that calls XML_ParseBuffer directly can bound len itself before the call.
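As an added illustration of the mechanism described in the executive summary and of the kind of check the fix above describes (this is constructed code, not libexpat's): a streaming "parse buffer" entry point that tracks how much of a fixed buffer has been filled. The unchecked variant lets a huge len wrap the int arithmetic and slip past its bounds check; the checked variant refuses the length before any arithmetic, which is the shape of the check XML_ParseBuffer gained. All demo_* names are hypothetical, no buffer is actually written, and the limit used (the headroom left in an int) stands in for whatever maximum expat's own check applies.

```c
/* Added illustration for this page (not libexpat's code): a streaming
 * "parse buffer" entry point that tracks how much of a fixed buffer has been
 * filled. The unchecked variant lets a huge len wrap the int arithmetic and
 * slip past the bounds check; the checked variant refuses it first. All
 * demo_* names are hypothetical, no buffer is actually written, and the
 * limit used (headroom left in an int) stands in for expat's real maximum. */
#include <limits.h>
#include <stdio.h>

enum demo_status { DEMO_ERROR = 0, DEMO_OK = 1 };
enum demo_error {
    DEMO_NO_ERROR = 0,
    DEMO_INVALID_ARGUMENT,   /* negative len */
    DEMO_LENGTH_TOO_LARGE,   /* len would overflow the byte index */
    DEMO_BUFFER_FULL         /* len does not fit the remaining buffer */
};

struct demo_parser {
    int buffer_len;   /* capacity of the backing buffer */
    int data_end;     /* bytes already placed in it */
    enum demo_error err;
};

void demo_init(struct demo_parser *p, int buffer_len) {
    p->buffer_len = buffer_len;
    p->data_end = 0;
    p->err = DEMO_NO_ERROR;
}

/* Vulnerable shape: rejects negative len, then does the bounds check on a
 * sum that can wrap. The unsigned casts make the two's-complement wrap
 * explicit so the demo is deterministic; a plain "data_end + len" is
 * undefined behaviour with the same effect on real compilers. */
enum demo_status demo_parse_buffer_unchecked(struct demo_parser *p, int len) {
    if (len < 0) {
        p->err = DEMO_INVALID_ARGUMENT;
        return DEMO_ERROR;
    }
    int new_end = (int)((unsigned)p->data_end + (unsigned)len);
    if (new_end > p->buffer_len) {      /* a wrapped (negative) new_end passes */
        p->err = DEMO_BUFFER_FULL;
        return DEMO_ERROR;
    }
    p->data_end = new_end;              /* a wrapped value is stored as-is */
    return DEMO_OK;
}

/* Hardened shape: ask "would data_end + len exceed INT_MAX?" without
 * computing the sum, and fail with an error code before any arithmetic. */
enum demo_status demo_parse_buffer_checked(struct demo_parser *p, int len) {
    if (len < 0) {
        p->err = DEMO_INVALID_ARGUMENT;
        return DEMO_ERROR;
    }
    if (len > INT_MAX - p->data_end) {
        p->err = DEMO_LENGTH_TOO_LARGE;
        return DEMO_ERROR;
    }
    if (p->data_end + len > p->buffer_len) {   /* cannot wrap any more */
        p->err = DEMO_BUFFER_FULL;
        return DEMO_ERROR;
    }
    p->data_end += len;
    return DEMO_OK;
}

/* Same constructed call sequence through each entry point: 4000 bytes into a
 * 4096-byte buffer, then a len chosen so that 4000 + len overflows an int. */
int demo_unchecked_final_end(void) {
    struct demo_parser p;
    demo_init(&p, 4096);
    demo_parse_buffer_unchecked(&p, 4000);
    demo_parse_buffer_unchecked(&p, INT_MAX - 100);
    return p.data_end;                  /* negative: the bounds check was bypassed */
}

int demo_checked_error(void) {
    struct demo_parser p;
    demo_init(&p, 4096);
    demo_parse_buffer_checked(&p, 4000);
    demo_parse_buffer_checked(&p, INT_MAX - 100);
    return (int)p.err;                  /* DEMO_LENGTH_TOO_LARGE; data_end still 4000 */
}

int main(void) {
    printf("unchecked: data_end=%d\n", demo_unchecked_final_end());
    printf("checked:   err=%d (2 = DEMO_LENGTH_TOO_LARGE)\n", demo_checked_error());
    return 0;
}
```

The point of the two-step guard in the checked variant is ordering: the overflow test (len > INT_MAX - data_end) must run before the bounds test, because once the sum has wrapped the bounds test compares against garbage and passes. A caller-side wrapper around XML_ParseBuffer can apply the same first test to len as a stopgap until the library is upgraded.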

Detection Guidance

Detection comes down to finding vulnerable copies of libexpat: the flaw is in XML_ParseBuffer in versions before 2.8.2, so any such build is affected regardless of how it is used.

To check an installed copy, query the package manager for its version. On Linux, for example:

  • dpkg -l | grep libexpat
  • rpm -qa | grep libexpat

If the reported version is earlier than 2.8.2, the package is potentially vulnerable. Two caveats: distributions sometimes backport the fix without changing the upstream version number, so confirm against the distribution's advisory for this CVE rather than relying on the number alone; and bundled or statically linked copies of expat inside applications and language runtimes do not appear in package queries at all and must be inventoried separately.

Because the flaw is in the parsing function itself, network detection would mean watching for exploit attempts against XML parsing in applications that use libexpat; no specific network signatures or detection commands are available for this CVE.
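The version comparison above, carried into C as an added example (not code from this page or the expat project). It accepts the "expat_2.8.1" form that libexpat's XML_ExpatVersion() returns, a bare "2.8.1", or a packager string such as "2.7.1-1ubuntu2" (only the leading dotted numbers are compared), and reports whether the version is older than 2.8.2. The function and type names are this example's own, and the sample strings in main are constructed.

```c
/* Added example for this page (not from the page or the expat project):
 * decide whether a libexpat version string is older than the fixed 2.8.2.
 * Accepts the "expat_2.8.1" form that libexpat's XML_ExpatVersion() returns,
 * a bare "2.8.1", or a packager string such as "2.7.1-1ubuntu2" (only the
 * leading dotted numbers are compared). Names here are this example's own. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct expat_ver { int major, minor, micro; };

static const struct expat_ver EXPAT_FIXED_IN = {2, 8, 2};

/* Read up to three dotted integers after an optional "expat_" prefix into
 * *out. Returns 1 on success, 0 if fewer than major.minor could be read. */
int parse_expat_version(const char *s, struct expat_ver *out) {
    const char prefix[] = "expat_";
    if (strncmp(s, prefix, sizeof prefix - 1) == 0)
        s += sizeof prefix - 1;

    int parts[3] = {0, 0, 0};
    int n = 0;
    while (n < 3 && isdigit((unsigned char)*s)) {
        char *end;
        long v = strtol(s, &end, 10);
        if (v > 1000000)            /* not a plausible version component */
            return 0;
        parts[n++] = (int)v;
        s = end;
        if (*s != '.')              /* end of string or packager suffix */
            break;
        s++;
    }
    if (n < 2)
        return 0;
    out->major = parts[0];
    out->minor = parts[1];
    out->micro = parts[2];          /* 0 when only major.minor was given */
    return 1;
}

static int cmp_expat_ver(const struct expat_ver *a, const struct expat_ver *b) {
    if (a->major != b->major) return a->major < b->major ? -1 : 1;
    if (a->minor != b->minor) return a->minor < b->minor ? -1 : 1;
    if (a->micro != b->micro) return a->micro < b->micro ? -1 : 1;
    return 0;
}

/* 1 = older than 2.8.2 (potentially vulnerable), 0 = 2.8.2 or newer,
 * -1 = the string carries no usable version. */
int expat_version_vulnerable(const char *s) {
    struct expat_ver v;
    if (!parse_expat_version(s, &v))
        return -1;
    return cmp_expat_ver(&v, &EXPAT_FIXED_IN) < 0 ? 1 : 0;
}

int main(void) {
    /* Constructed sample strings of the kinds a package query or
       XML_ExpatVersion() would produce. */
    const char *samples[] = {"expat_2.8.1", "2.8.2", "2.7.1-1ubuntu2", "2.10.0", "libexpat1"};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int r = expat_version_vulnerable(samples[i]);
        printf("%-16s -> %s\n", samples[i],
               r == 1 ? "older than 2.8.2: potentially vulnerable"
             : r == 0 ? "2.8.2 or newer" : "no version found");
    }
    return 0;
}
```

In a running process the string would come from XML_ExpatVersion(), or the three fields directly from XML_ExpatVersionInfo(); on a build host, pkg-config --modversion expat reports the development package's version. A result of "older than 2.8.2" is a lead, not a verdict: distributions backport fixes under older version numbers, so confirm against the distribution's advisory before acting on it.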
