Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| libexpat project | libexpat | unaffected |
|
No data.
No data.
OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.
No data.
No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
| Link | Providers |
|---|---|
| https://github.com/libexpat/libexpat/pull/1278 |
|
Sun, 21 Jun 2026 18:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Use-After-Free Vulnerability in libexpat Due to Missing Depth Tracking |
Sun, 21 Jun 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219. | |
| First Time appeared |
Libexpat Project
Libexpat Project libexpat |
|
| Weaknesses | CWE-416 | |
| CPEs | cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Libexpat Project
Libexpat Project libexpat |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-06-21T15:58:59.347Z
Reserved: 2026-06-21T15:58:58.955Z
Link: CVE-2026-56412
Vulnrichment
No data.
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-06-21T18:30:07Z