Description

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.

PUBLISHED Reserved 2026-04-20 | Published 2026-04-23 | Updated 2026-04-24 | Assigner redhat

MEDIUM: 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

Access of Resource Using Incompatible Type ('Type Confusion')

Product status

Default status
affected

Timeline

2026-04-23: Reported to Red Hat.
2026-04-16: Made public.

Credits

Red Hat would like to thank Ariel Schon for reporting this issue.

References

access.redhat.com/security/cve/CVE-2026-6732 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2461300 (RHBZ#2461300) issue-tracking

gitlab.gnome.org/GNOME/libxml2/-/issues/1097

gitlab.gnome.org/GNOME/libxml2/-/merge_requests/411

cve.org (CVE-2026-6732)

nvd.nist.gov (CVE-2026-6732)
