CVE-2026-50219 - CERT CVE

  1. CVE-2026-50219

ID CVE-2026-50219
Sažetak libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,
Reference
CVSS
Base: 4.9
Impact: 3.4
Exploitability:1.4
Pristup
VektorSloženostAutentikacija
LOCAL HIGH NONE
Impact
PovjerljivostCjelovitostDostupnost
LOW LOW LOW
CVSS vektor CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Zadnje važnije ažuriranje 04-06-2026 - 18:39
Objavljeno 04-06-2026 - 06:16