VYPR
Medium severity4.9NVD Advisory· Published Jun 4, 2026· Updated Jun 4, 2026

CVE-2026-50219

CVE-2026-50219

Description

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

9

Patches

Vulnerability mechanics

References

1

News mentions

1