Unrated severityNVD Advisory· Published Jun 19, 2026

CVE-2026-56131

Description

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219 situation).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Libexpat Project/Libexpatllm-fuzzy
Range: <2.8.2

Patches

Vulnerability mechanics

Synthesis attempt was rejected by the grounding validator. Re-run pending.

References

github.com/libexpat/libexpat/pull/1267mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000