CVE-2026-6653
HighCVSS 7.0Exploitation Probability (EPSS)
Low risk20th percentile - higher than 20% of all known CVEs
Summary
A Use After Free vulnerability in libxml2's xmlParseInternalSubset allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper entity resolution handling.
Risk Assessment
An attacker can exploit this vulnerability to disrupt the operation of applications using libxml2, potentially leading to service outages.
Recommendation
It is recommended to update libxml2 to version 2.11.1 or later to mitigate this vulnerability.
Original NVD description (English source)
Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper entity resolution handling.

