CVE-2026-32776 PUBLISHED

Assigner: mitre
Reserved: 16.03.2026 Published: 16.03.2026 Updated: 16.03.2026

libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS Score: 4

Product Status

Vendor libexpat project
Product libexpat
Versions Default: unaffected
  • affected from 0 to 2.7.5 (excl.)

References

Problem Types

  • CWE-476 NULL Pointer Dereference CWE