CVE-2026-56412
MediumCVSS 4.9Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
In libexpat before version 2.8.2, XML_TOK_DATA_CHARS is not considered in doCdataSection, leading to a lack of handler call depth tracking in cases of policy violation. This can result in a use-after-free error.
Risk Assessment
Organizations may be vulnerable to attacks exploiting this flaw, potentially leading to unauthorized memory access and data leaks.
Recommendation
It is recommended to update the libexpat library to version 2.8.2 or later to mitigate this vulnerability.
Original NVD description (English source)
libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219.

