CVE-2026-57235
Out-of-Bounds Read in Nokogiri XML NodeSet

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: GitHub, Inc.

Description
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then be used at full width, reading outside the node set's storage. On CRuby this is an out-of-bounds read that typically crashes the process; on JRuby it is not memory-unsafe but returns an incorrect node. This vulnerability is fixed in 1.19.4.
Meta Information
Published: 2026-06-25
Last Modified: 2026-06-25
Generated: 2026-06-25
AI Q&A: 2026-06-25
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs

Vendor         Product    Version / Range
nokogiri       nokogiri   up to 1.19.4 (inclusive)
sparklemotion  nokogiri   up to 1.19.4 (exclusive)
CWE
CWE ID   Description
CWE-125  The product reads data past the end, or before the beginning, of the intended buffer.
CWE-190  The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
AI Quick Actions
Executive Summary

This vulnerability exists in Nokogiri, an open source XML and HTML library for Ruby. Before version 1.19.4, the method Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested index against the node set's bounds using a 32-bit truncated copy of the index. A large negative index could therefore pass the bounds check and then be used at full width, leading to an out-of-bounds read.

On CRuby, this out-of-bounds read typically causes the process to crash. On JRuby, it does not cause memory unsafety but returns an incorrect node instead. The issue was fixed in Nokogiri version 1.19.4.

Impact Analysis

The vulnerability can cause a crash of the process using Nokogiri on CRuby due to an out-of-bounds read, potentially leading to denial of service. On JRuby, it may cause incorrect data to be returned from the node set, which could lead to application logic errors or incorrect behavior.

Detection Guidance

This vulnerability affects Nokogiri versions prior to 1.19.4, specifically the method Nokogiri::XML::NodeSet#[] when called with a large negative index. Detection therefore comes down to identifying whether your system or application uses a vulnerable version of Nokogiri.

You can detect the vulnerability by checking the installed Nokogiri version with the following command in your Ruby environment:

  • ruby -rnokogiri -e 'puts Nokogiri::VERSION'

If the version is earlier than 1.19.4, your system is vulnerable.

Additionally, to detect exploitation attempts or crashes caused by this vulnerability, monitor your application logs for unexpected crashes or errors related to Nokogiri XML node access, especially where the index passed to NodeSet#[] or #slice is derived from untrusted input and might be a large negative value.

Mitigation Strategies

The primary mitigation step is to upgrade Nokogiri to version 1.19.4 or later, where this vulnerability has been fixed.

If upgrading immediately is not possible, validate any externally supplied index before it reaches Nokogiri::XML::NodeSet#[] or its alias #slice, rejecting large negative values that could trigger the out-of-bounds read.

Monitoring and restricting the inputs that control the integer index passed to these methods reduces the risk of exploitation.
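The following is an added example, not code from Nokogiri or this advisory, covering both the version check in the Detection Guidance and the index validation recommended above. It assumes only that a node set responds to #size and #[] as Nokogiri::XML::NodeSet does; a plain Array stands in so the snippet runs without the nokogiri gem loaded.

```ruby
# Added example (not Nokogiri's own code): defensive helpers for CVE-2026-57235.
# "node_set" is assumed to be any object responding to #size and #[] with
# Ruby's usual index semantics (Nokogiri::XML::NodeSet qualifies); a plain
# Array is used below as a constructed stand-in.

require "rubygems"

FIXED_VERSION = Gem::Version.new("1.19.4")

# True when the given Nokogiri version string predates the fix.
# In a real environment pass Nokogiri::VERSION (or the version pinned
# in Gemfile.lock, which is what a Bundler-managed app actually loads).
def nokogiri_vulnerable?(version_string)
  Gem::Version.new(version_string) < FIXED_VERSION
rescue ArgumentError
  # Unparseable version: report it as needing attention rather than as safe.
  true
end

# Full-width bounds check performed before the library sees the index.
# Ruby's negative-index convention is preserved (-1 is the last element),
# so the only valid indices are -size .. size-1. Anything else, including
# the very large negative values the vulnerable check mishandled, yields nil.
def safe_node_at(node_set, index)
  return nil unless index.is_a?(Integer)
  size = node_set.size
  return nil if index >= size || index < -size
  node_set[index]
end

# Same check for the two-argument slice(start, length) form.
def safe_node_slice(node_set, start, length)
  return nil unless start.is_a?(Integer) && length.is_a?(Integer)
  return nil if length.negative?
  size = node_set.size
  return nil if start >= size || start < -size
  node_set[start, length]
end

if __FILE__ == $PROGRAM_NAME
  nodes = %w[a b c] # constructed stand-in for a NodeSet of three nodes
  p safe_node_at(nodes, -1)         # "c"
  p safe_node_at(nodes, -(2**40))   # nil: rejected before reaching #[]
  p nokogiri_vulnerable?("1.19.3")  # true
end
```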

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
