CVE-2026-57235
HighCVSS 8.2Exploitation Probability (EPSS)
Low risk25th percentile — higher than 25% of all known CVEs
Summary
Vulnerability in the Nokogiri library for Ruby allows out-of-bounds memory read via the Nokogiri::XML::NodeSet#[] method (and its alias #slice). The issue stems from incorrect bounds checking where the index is truncated to 32 bits before validation, allowing a very large negative index to pass the check and read outside allocated memory. On CRuby this causes process crashes, on JRuby it returns an incorrect node.
Risk Assessment
An attacker could exploit this vulnerability to cause application crashes (denial of service) or potentially read sensitive data from memory, threatening system confidentiality and availability.
Recommendation
Immediately update the Nokogiri library to version 1.19.4 or later, which contains the fix for this vulnerability.
Original NVD description (English source)
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then be used at full width, reading outside the node set's storage. On CRuby this is an out-of-bounds read that typically crashes the process; on JRuby it is not memory-unsafe but returns an incorrect node. This vulnerability is fixed in 1.19.4.

