Security Advisory

CVE-2026-56408

libexpat before 2.8.2 has an integer overflow in copyString.

Published

21 Jun 2026, 15:51 UTC

CVSS

6.9 · Medium (v3.1)

Weakness

CWE-190

Assigning CNA

mitre

Medium 6.9CVSS 3.1CWE-190

Description

libexpat before 2.8.2 has an integer overflow in copyString.

Severity (CVSS)

Base score	6.9
Severity	Medium
Version	CVSS 3.1
Vector	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Provided by	CNA

Weaknesses

CWE-190 — CWE-190 Integer Overflow or Wraparound

Affected products

Vendor	Product	Versions
libexpat project	libexpat	0 to <2.8.2

References

https://github.com/libexpat/libexpat/commit/16e2efd867ea8567ffa012210b52ef5918e20817

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 22 Jun 2026 14:43 UTC.