CVE-2026-56132

ADVISORY - debian

Summary

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.

expat 2.8.2-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1140388) https://github.com/libexpat/libexpat/pull/1272

EPSS Score⁠: 0.00088 (0.005)

Common Weakness Enumeration (CWE)

Impacted images

Advisories

Alpine

CREATED

4 days ago

UPDATED

1 day ago

ADVISORY IDCVE-2026-56132⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

11 days ago

UPDATED

3 days ago

ADVISORY IDCVE-2026-56132⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

8 days ago

UPDATED

6 days ago

ADVISORY IDCVE-2026-56132⁠

EXPLOITABILITY SCORE

1.4

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.9medium

Chainguard

CREATED

5 days ago

UPDATED

5 days ago

ADVISORY ID

CGA-9x2h-jjvc-66mh

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY