Description
xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId.
Published: 2026-06-21
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an xmlwf, a component of the libexpat library. This flaw can corrupt memory during XML parsing, potentially leading to a crash and, in a worst‑case scenario, enabling an attacker to influence program flow. The weakness is identified as CWE‑190, and the primary impact is a denial of service from process termination.

Affected Systems

Affected deployments involve any system using the libexpat library prior to version 2.8.2, including applications that rely on libexpat for XML processing. The libexpat project maintains the vulnerable component, and the flaw originates in xmlwf’s resolveSystemId routine.

Risk and Exploitability

The CVSS score of 6.9 indicates a medium‑severity vulnerability. EPSS data is not available, so the exact exploitation probability remains unknown, and the vulnerability is not listed in the CISA KEV catalog, suggesting no widespread public exploitation at this time. Based on the description, it is inferred that the attacker must supply crafted XML input processed by the vulnerable routine; thus the likely attack vector is via malicious XML delivered to an application that uses libexpat for XML parsing. Exploitation requires no privileged state and would likely result in a denial of service by crashing the process or corrupting memory.

Generated by OpenCVE AI on June 21, 2026 at 18:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade libexpat to version 2.8.2 or later to eliminate the overflow bug.
  • If an immediate upgrade is not possible, configure applications to disable processing of external system identifiers or enforce strict validation to prevent the vulnerable resolveSystemId from being invoked with untrusted input.
  • Adopt strict input validation or whitelist trusted XML sources to ensure only sanitized XML is parsed by libexpat.
  • Implement a watchdog or monitor to automatically restart any process that crashes, mitigating the denial‑of‑service impact until a patch can be applied.

Generated by OpenCVE AI on June 21, 2026 at 18:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Title Integer Overflow in libexpat's resolveSystemId leading to Denial of Service libexpat: libexpat: Integer overflow in xmlwf can lead to information disclosure and arbitrary code execution.
References
Metrics threat_severity

None

threat_severity

Moderate


Mon, 22 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sun, 21 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Title Integer Overflow in libexpat's resolveSystemId leading to Denial of Service

Sun, 21 Jun 2026 16:00:00 +0000

Type Values Removed Values Added
Description xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId.
First Time appeared Libexpat Project
Libexpat Project libexpat
Weaknesses CWE-190
CPEs cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
Vendors & Products Libexpat Project
Libexpat Project libexpat
References
Metrics cvssV3_1

{'score': 6.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L'}


Subscriptions

Libexpat Project Libexpat
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-22T15:56:58.296Z

Reserved: 2026-06-21T15:54:59.828Z

Link: CVE-2026-56410

cve-icon Vulnrichment

Updated: 2026-06-22T15:56:53.978Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-21T15:55:00Z

Links: CVE-2026-56410 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-21T18:45:05Z

Weaknesses
  • CWE-190

    Integer Overflow or Wraparound