Description
libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.
Published: 2026-03-16
Score: 4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

libexpat before 2.7.5 can dereference a NULL pointer when parsing XML documents that contain an empty external parameter entity. This dereference causes the library, and therefore the calling application, to crash, resulting in a denial of service for that service. The vulnerability can be exploited by supplying a crafted XML payload to any process that uses the affected libexpat version.

Affected Systems

The affected vendor is the libexpat project. All builds of libexpat prior to version 2.7.5 contain the vulnerability. Any operating system or application that ships a pre‑2.7.5 copy of libexpat or links against it could be impacted.

Risk and Exploitability

The CVSS score is 4, indicating low to medium severity. The EPSS score is below 1%, suggesting a low likelihood of exploitation in the wild, and the vulnerability is not listed in CISA’s KEV catalog. The attack vector requires the ability to supply crafted XML; if the library is used by a network‑exposed service, remote attackers could trigger the crash, otherwise local attackers can exploit local processes that parse XML.

Generated by OpenCVE AI on March 17, 2026 at 01:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade libexpat to version 2.7.5 or later.
  • Verify that XML parsing applications no longer use empty external parameter entities or validate incoming XML data.
  • Monitor logs for unexpected crashes and apply additional isolation or input filtering as a temporary mitigation.

Generated by OpenCVE AI on March 17, 2026 at 01:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Title libexpat: libexpat: Denial of Service due to NULL pointer dereference
References
Metrics threat_severity

None

 threat_severity

Moderate

Mon, 16 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 07:30:00 +0000

Type Values Removed Values Added
Description libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.
First Time appeared Libexpat Project
Libexpat Project libexpat
Weaknesses CWE-476
CPEs cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
Vendors & Products Libexpat Project
Libexpat Project libexpat
References
Metrics cvssV3_1

{'score': 4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

Subscriptions

Libexpat Project Libexpat
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-16T14:58:38.710Z

Reserved: 2026-03-16T06:54:19.802Z

Link: CVE-2026-32776

cve-icon Vulnrichment

Updated: 2026-03-16T14:58:35.221Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T14:19:44.600

Modified: 2026-03-17T15:52:09.023

Link: CVE-2026-32776

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-16T06:54:20Z

Links: CVE-2026-32776 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:45:40Z

Weaknesses