CVE-2026-50219

ADVISORY - nist

Summary

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,

EPSS Score⁠: 0.00218 (0.121)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-416⁠

Use After Free

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.