CVE-2026-56404

Published: June 23, 2026Last modified: July 1, 2026

Description

libexpat before 2.8.2 has an integer overflow in addBinding.

Severity score breakdown

ParameterValue
Base score6.9
Attack VectorLOCAL
Attack complexityHIGH
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityHIGH
Integrity impactHIGH
Availability impactLOW
VectorCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSexpatFixed (2.8.2-r0)
25 LTSexpatFixed (2.8.2-r0)
StreamexpatFixed (2.8.2-r0)
Hardened Containers23 LTSexpatFixed (2.8.2-r0)
25 LTSexpatFixed (2.8.2-r0)
StreamexpatFixed (2.8.2-r0)

References

ON THIS PAGE