CVE-2026-56406

Public on 2026-06-21

Modified on 2026-06-23

Description

libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.

Severity

Important

See what this means

CVSS v3 Base Score

7.7

See breakdown

Affected Packages

Platform	Package	Status
Amazon Linux 2 - Core	expat	Pending Fix
Amazon Linux 2023	expat	Pending Fix
Amazon Linux 2 - Firefox Extra	firefox	Pending Fix
Amazon Linux 2023	firefox	Pending Fix
Amazon Linux 2 - Core	thunderbird	Pending Fix
Amazon Linux 2023	xmlrpc-c	Pending Fix

	Score Type	Score	Vector
Amazon Linux	CVSSv3	7.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L