CVE-2026-56132
MediumCVSS 6.9Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
In libexpat before version 2.8.2, there is a heap-based buffer overflow in the doProlog function in xmlparse.c. This issue arises from mishandling of scaffold backing array reallocation when there is data-structure sharing across parsers.
Risk Assessment
Heap-based buffer overflow can lead to the execution of malicious code, posing a serious security threat to applications using libexpat.
Recommendation
It is recommended to update libexpat to version 2.8.2 or later to mitigate this vulnerability.
Original NVD description (English source)
In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.

