CVE Catalog

CVE-2026-6653

HighCVSS 7.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

20th percentile - higher than 20% of all known CVEs

Summary

A Use After Free vulnerability in libxml2's xmlParseInternalSubset allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper entity resolution handling.

Risk Assessment

An attacker can exploit this vulnerability to disrupt the operation of applications using libxml2, potentially leading to service outages.

Recommendation

It is recommended to update libxml2 to version 2.11.1 or later to mitigate this vulnerability.

Original NVD description (English source)

Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper entity resolution handling.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS