CVE-2026-41401

ADVISORY - nist

Summary

libyang before 5.2.6 contains a heap use-after-free write vulnerability in lyd_parser_set_data_flags that incorrectly updates metadata list pointers when freeing non-head default metadata entries. Attackers can trigger this vulnerability by submitting crafted YANG XML documents with specific metadata attributes to applications parsing untrusted XML data, causing process crashes or potential code execution.

EPSS Score⁠: 0.00031 (0.095)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-416⁠

Use After Free

Impacted images

Advisories

NIST

CREATED

4 days ago

UPDATED

4 days ago

ADVISORY IDCVE-2026-41401⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.1high

Debian

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY IDCVE-2026-41401⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

2 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2026-41401⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium