CVE-2026-56412 · Symaro Security Advisory

Description

libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219.

Severity (CVSS)

Base score	4.9
Severity	Medium
Version	CVSS 3.1
Vector	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Provided by	CNA

Weaknesses

CWE-416 — CWE-416 Use After Free

Affected products

Vendor	Product	Versions
libexpat project	libexpat	0 to <2.8.2

References

https://github.com/libexpat/libexpat/pull/1278

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 22 Jun 2026 14:43 UTC.