CVE-2026-56412
Use-After-Free in Expat XML Parser

Publication date: 2026-06-21

Last updated on: 2026-06-21

Assigner: MITRE

Description
libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219.
Meta Information
Generated: 2026-06-22
Affected Vendors & Products
Vendor: libexpat
Product: libexpat
Version / Range: all releases before 2.8.2 (2.8.2 itself is not affected)
CWE
CWE-416 (Use After Free): The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
AI Quick Actions
Executive Summary

libexpat before 2.8.2 mishandles the XML_TOK_DATA_CHARS token in doCdataSection, the routine that processes CDATA sections. On that code path the character data handler is invoked without the beforeHandler() and afterHandler() calls that maintain the parser's handler call depth counter, so the counter stays at zero while a handler is actually running and the parser believes it is not inside a handler. When a policy violation is raised from within such a handler, the checks introduced for CVE-2026-50219 therefore do not take effect, and memory still in use by the parser can be freed, producing a use-after-free. The description records the issue as an incomplete fix for CVE-2026-50219.

Impact Analysis

The flaw is a use-after-free during XML parsing, that is, memory corruption: the parser continues to use memory that a handler path has already released. Depending on the embedding application and its allocator, this can cause crashes (denial of service), unpredictable behaviour, or in the worst case arbitrary code execution. The exposure is inherited from whatever feeds XML to libexpat; the library is linked into many network-facing and file-processing applications, so the condition to worry about is untrusted XML containing CDATA sections reaching a vulnerable copy. The CVSS score given for this issue is 4.9 (medium), computed with a local attack vector and high attack complexity, with impact on confidentiality, integrity, and availability.

Detection Guidance

The flaw is in libexpat's internal handling of CDATA sections (doCdataSection) and the handler call depth tracking around the handlers invoked there; it produces a use-after-free inside the parsing library rather than in any network protocol, so there is no network signature to match on.

Detection is therefore an inventory problem: find every copy of libexpat in the environment and check whether it is older than 2.8.2. The version reported by the package manager covers only the shared library it installed; applications that bundle or statically link their own expat (the CPython interpreter's pyexpat module is one common example) must be checked separately.

Suggested commands to check the installed libexpat version include:

  • On Linux, run `xmlwf -v` (prints the expat version the xmlwf tool was built against) or `pkg-config --modversion expat` (reads the installed expat.pc).
  • Alternatively, query the package manager: `dpkg -l libexpat1` (Debian/Ubuntu) or `rpm -q expat` (RHEL/Fedora/CentOS). The Debian package is named libexpat1 and the RPM package expat; `rpm -q libexpat` reports "not installed" on those systems even when a vulnerable copy is present.
  • For a Python deployment, `python3 -c 'import pyexpat; print(pyexpat.EXPAT_VERSION)'` prints the version of the expat copy actually linked into the interpreter.

Distribution vendors routinely backport fixes without changing the upstream version number, so on such systems compare against the distribution's own advisory for CVE-2026-56412 rather than against 2.8.2 alone.

For runtime detection of exploitation attempts, watch for crashes (segmentation faults, allocator aborts) in processes that link libexpat and for sanitizer reports from instrumented test builds; no specific signatures or commands are provided for this issue.
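The version checks above, consolidated into one POSIX shell script that a fleet scan can run on each host. This is an added example, not code from the advisory or from the libexpat project. It assumes the package names given above (libexpat1 on Debian/Ubuntu, expat on RPM systems) and the output formats of the tools it calls; it goes one step beyond the list by normalising those different formats and comparing the version fields numerically, so that 2.8.10 is correctly treated as newer than 2.8.2. Backported distribution fixes are not detected.

```shell
#!/bin/sh
# Added example for CVE-2026-56412: not part of the advisory or of libexpat.
# Finds expat copies on a host and compares their versions with the first
# fixed release. Assumption: "before 2.8.2" means every version numerically
# lower than 2.8.2; distribution backports are not detected.

FIXED="2.8.2"   # first fixed release named in the advisory

# extract_version STRING -> print the first X.Y.Z found in STRING, exit 1 if none.
# Handles "xmlwf using expat_2.7.3", "2.6.4-1ubuntu2" (dpkg),
# "expat-2.5.0-2.el9.x86_64" (rpm) and "expat_2.7.3" (pyexpat.EXPAT_VERSION).
extract_version() {
    for w in $(printf '%s\n' "$1" | tr -c '0-9.\n' ' '); do
        case "$w" in
            *.*.*.*) ;;                          # four fields: not an expat version
            [0-9]*.[0-9]*.[0-9]*) printf '%s\n' "$w"; return 0 ;;
        esac
    done
    return 1
}

# version_lt A B -> exit 0 if X.Y.Z version A is numerically older than B.
version_lt() {
    a1=${1%%.*}; t=${1#*.}; a2=${t%%.*}; a3=${t#*.}
    b1=${2%%.*}; t=${2#*.}; b2=${t%%.*}; b3=${t#*.}
    if   [ "$a1" -lt "$b1" ]; then return 0
    elif [ "$a1" -gt "$b1" ]; then return 1
    elif [ "$a2" -lt "$b2" ]; then return 0
    elif [ "$a2" -gt "$b2" ]; then return 1
    elif [ "$a3" -lt "$b3" ]; then return 0
    else return 1
    fi
}

# expat_vulnerable STRING -> 0 if STRING names an expat older than FIXED,
# 1 if it is FIXED or newer, 2 if no version could be extracted.
expat_vulnerable() {
    v=$(extract_version "$1") || return 2
    if version_lt "$v" "$FIXED"; then return 0; else return 1; fi
}

# report SOURCE STRING -> one line of output; silent when SOURCE produced
# nothing (tool not installed on this host).
report() {
    [ -n "$2" ] || return 0
    rc=0; expat_vulnerable "$2" || rc=$?
    case $rc in
        0) printf '%-11s %-32s VULNERABLE (older than %s)\n' "$1" "$2" "$FIXED" ;;
        1) printf '%-11s %-32s fixed\n' "$1" "$2" ;;
        *) printf '%-11s %-32s unrecognised version string\n' "$1" "$2" ;;
    esac
}

# scan_host: query every place an expat copy commonly lives. The package
# manager queries cover the shared library; pyexpat covers the copy linked
# into the Python interpreter, which may be a different build.
scan_host() {
    report "xmlwf"      "$(xmlwf -v 2>/dev/null)"
    report "pkg-config" "$(pkg-config --modversion expat 2>/dev/null)"
    report "dpkg"       "$(dpkg-query -W -f '${Version}' libexpat1 2>/dev/null)"
    report "rpm"        "$(rpm -q expat 2>/dev/null)"
    report "pyexpat"    "$(python3 -c 'import pyexpat; print(pyexpat.EXPAT_VERSION)' 2>/dev/null)"
}

scan_host
```

Run it as `sh check_expat.sh`; each line names the source, the raw string it returned and the verdict. A host is clean only when every reported source is "fixed"; an "unrecognised version string" line means a format the script has not seen and should be checked by hand rather than assumed safe.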

Mitigation Strategies

The primary mitigation is to upgrade libexpat to version 2.8.2 or later, the release in which the vulnerability is fixed, and then to restart or redeploy every process that had the old shared library mapped; long-running daemons keep executing the old code until they are restarted.

The fix adds the missing handler call depth tracking to the XML_TOK_DATA_CHARS path in doCdataSection, so the protections introduced for CVE-2026-50219 also cover handlers invoked from CDATA sections and the use-after-free can no longer be reached that way.

If upgrading immediately is not possible, reduce exposure by not passing untrusted XML to applications that use a vulnerable libexpat, and monitor those applications for crashes in the meantime.

Review and apply the patches or updates provided by your operating system or software vendors that include the fixed libexpat version, and rebuild any application that bundles or statically links its own copy of expat, since a system package upgrade does not reach those copies.
