PT-2026-51315 · Libxml2 · Libxml2

Geoffrey Humphreys · Published 2026-06-22 · Updated 2026-06-22 · CVE-2026-6653

CVSS v4.0: 8.3 (High)

Vector: AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

libxml2 versions 2.9.11 through 2.11.0

Description

A Use After Free issue exists in the xmlParseInternalSubset() function of libxml2. This occurs due to improper entity resolution handling, which allows a remote attacker to cause a denial-of-service by providing maliciously crafted XML input. Use After Free is a memory corruption flaw where a program continues to use a pointer after it has been freed.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

XXE

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2026-6653

Affected Products

Libxml2