CVE-2026-56404

Public on 2026-06-21

Modified on 2026-06-23

Description

libexpat before 2.8.2 has an integer overflow in addBinding.

Severity

Medium

See what this means

CVSS v3 Base Score

6.9

See breakdown

Affected Packages

Platform	Package	Status
Amazon Linux 2 - Core	expat	Pending Fix
Amazon Linux 2023	expat	Pending Fix
Amazon Linux 2 - Firefox Extra	firefox	Pending Fix
Amazon Linux 2023	firefox	Pending Fix
Amazon Linux 2 - Core	thunderbird	Pending Fix
Amazon Linux 2023	xmlrpc-c	Not Affected

	Score Type	Score	Vector
Amazon Linux	CVSSv3	6.9	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L