CVE-2026-25210

ADVISORY - nist

Summary

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.

EPSS Score⁠: 0.00005 (0.002)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-190⁠

Integer Overflow or Wraparound

ADVISORY - redhat

CWE-190⁠

Integer Overflow or Wraparound

Impacted images

Advisories

NIST

CREATED

6 days ago

UPDATED

11 hours ago

ADVISORY IDCVE-2026-25210⁠

EXPLOITABILITY SCORE

1.4

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-190⁠

CVSS SCORE

6.9medium

Alpine

CREATED

2 days ago

UPDATED

1 day ago

ADVISORY IDCVE-2026-25210⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

6 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2026-25210⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

6 days ago

UPDATED

13 hours ago

ADVISORY IDCVE-2026-25210⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

6 days ago

UPDATED

5 days ago

ADVISORY IDCVE-2026-25210⁠

EXPLOITABILITY SCORE

1.4

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-190⁠

CVSS SCORE

6.9medium