CVE-2026-56412

ADVISORY - debian

Summary

libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219.

expat https://github.com/libexpat/libexpat/pull/1278 Fixed by: https://github.com/libexpat/libexpat/commit/d19e834794060d18c061d94452c35d725393ea58

Common Weakness Enumeration (CWE)

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.