CVE-2026-50219

ADVISORY - nist

Summary

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,

EPSS Score⁠: 0.00218 (0.121)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-416⁠

Use After Free

Impacted images

Advisories

NIST

CREATED

22 days ago

UPDATED

21 days ago

ADVISORY IDCVE-2026-50219⁠

EXPLOITABILITY SCORE

1.4

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-416⁠

CVSS SCORE

4.9medium

Debian

CREATED

21 days ago

UPDATED

6 hours ago

ADVISORY IDCVE-2026-50219⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

21 days ago

UPDATED

14 days ago

ADVISORY IDCVE-2026-50219⁠

EXPLOITABILITY SCORE

2.5

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.9medium

Chainguard

CREATED

13 hours ago

UPDATED

13 hours ago

ADVISORY ID

CGA-gjp2-qvw3-j4qm

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY