Medium severity6.5NVD Advisory· Published Apr 23, 2026· Updated May 15, 2026
CVE-2026-6732
CVE-2026-6732
Description
A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.
Affected products
9- cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- gitlab.gnome.org/GNOME/libxml2/-/issues/1097nvdExploitIssue TrackingThird Party Advisory
- access.redhat.com/errata/RHSA-2026:11503nvdThird Party Advisory
- access.redhat.com/security/cve/CVE-2026-6732nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
News mentions
2- Siemens Ruggedcom RoxCISA Alerts
- Siemens SIMATICCISA Alerts