CVE Catalog
CVE-2026-32776
MediumCVSS 4.0Exploitation Probability (EPSS)
Low risk0.14%
4th percentile - higher than 4% of all known CVEs
Summary
In libexpat before version 2.7.5, a NULL pointer dereference vulnerability exists when processing empty external parameter entity content. This can cause a crash in applications using this library.
Risk Assessment
An attacker can cause a denial of service (DoS) by providing specially crafted XML data that triggers a NULL pointer dereference in the libexpat parser.
Recommendation
Immediately update libexpat to version 2.7.5 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.

