2491203 – (CVE-2026-56412) CVE-2026-56412 libexpat: libexpat: Use-after-free vulnerability due to improper handling of XML CDATA sections

Bug 2491203 (CVE-2026-56412) - CVE-2026-56412 libexpat: libexpat: Use-after-free vulnerability due to improper handling of XML CDATA sections

Summary: CVE-2026-56412 libexpat: libexpat: Use-after-free vulnerability due to improp...

Keywords:
Status:	NEW
Alias:	CVE-2026-56412
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2493315 2493316 2493317 2493318 2493319
Blocks:
TreeView+	depends on / blocked

Reported:	2026-06-21 17:01 UTC by OSIDB Bzimport
Modified:	2026-06-26 00:42 UTC (History)
CC List:	23 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-06-21 17:01:15 UTC

libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219.

Note You need to log in before you can comment on or make changes to this bug.

crizzo
dschmidt
erezende
ilpinto
jkoehler
jlanda
jmitchel
jwong
kaycoth
kshier
lphiri
ltomasbo
omaciel
pbohmill
rhel-process-autobot
simaishi
smcdonal
stcannon
teagle
ttakamiy
watson-tool-maintainers
yguenane
ykashtan