CVE Catalog

CVE-2026-32776

MediumCVSS 4.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile - higher than 4% of all known CVEs

Summary

In libexpat before version 2.7.5, a NULL pointer dereference vulnerability exists when processing empty external parameter entity content. This can cause a crash in applications using this library.

Risk Assessment

An attacker can cause a denial of service (DoS) by providing specially crafted XML data that triggers a NULL pointer dereference in the libexpat parser.

Recommendation

Immediately update libexpat to version 2.7.5 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS