CVE-2026-56406EXPLOITEDPATCHED

libexpat_project · libexpat

CVE-2026-56406: libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse

Description

libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.

Affected Products

Vendor	Product	Versions
libexpat_project	libexpat	0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
open source	expat	cert_advisory	90%

References

https://github.com/libexpat/libexpat/pull/1255

Related News (3 articles)

Tier A

Microsoft MSRC2h ago

CVE-2026-56406 libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.

→ No new info (linked only)

Tier B

BSI Advisories6d ago

[NEU] [mittel] libexpat: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff

→ No new info (linked only)

Tier C

VulDB6d ago

CVE-2026-56406 | libexpat up to 2.8.1 integer overflow

→ No new info (linked only)

CVSS 3.16.9 MEDIUM

VectorCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

2.8.2

CWECWE-190

PublishedJun 21, 2026

Last enriched6d agov2

Trending Score63

Source articles3

Independent3

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

Version History

Last enriched 6d ago

v2Tier C6d ago

Updated affected versions to include 2.8.1, changed severity to HIGH, and noted that the exploit is not available.

affectedVersionsseverityactivelyExploited

via VulDB

v16d ago

Initial creation

CVE-2026-56406: libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse

Description

Affected Products

Also Affects

References

Related News (3 articles)

Community Vote

Related CVEs (3)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History