{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6653", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2026-04-20T06:37:45.271Z", "datePublished": "2026-06-22T12:40:31.424Z", "dateUpdated": "2026-06-22T15:51:11.554Z"}, "containers": {"cna": {"title": "libxml2: Use after free in xmlParseInternalSubset via improper entity resolution handling", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-416", "description": "CWE-416 Use after free", "type": "CWE"}, {"lang": "en", "cweId": "CWE-611", "description": "CWE-611 Improper Restriction of XML External Entity Processing", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "affected": [{"vendor": "GNOME", "product": "libxml2", "packageName": "libxml2", "repo": "https://gitlab.gnome.org/GNOME/libxml2", "versions": [{"status": "affected", "version": "2.9.11", "lessThan": "2.11.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper entity resolution handling."}], "solutions": [{"lang": "en", "value": "Upgrade to libxml2 version 2.11.0 or later"}], "references": [{"url": "https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/2141260", "tags": ["issue-tracking"]}, {"url": "https://gitlab.gnome.org/GNOME/libxml2/-/work_items/1058", "tags": ["issue-tracking"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}], "credits": [{"lang": "en", "value": "Geoffrey Humphreys", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2026-06-22T12:40:31.424Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-22T15:51:00.508541Z", "id": "CVE-2026-6653", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-22T15:51:11.554Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6653", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-22T15:51:00.508541Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-22T15:51:06.224Z"}}], "cna": {"title": "libxml2: Use after free in xmlParseInternalSubset via improper entity resolution handling", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Geoffrey Humphreys"}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://gitlab.gnome.org/GNOME/libxml2", "vendor": "GNOME", "product": "libxml2", "versions": [{"status": "affected", "version": "2.9.11", "lessThan": "2.11.0", "versionType": "semver"}], "packageName": "libxml2", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to libxml2 version 2.11.0 or later"}], "references": [{"url": "https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/2141260", "tags": ["issue-tracking"]}, {"url": "https://gitlab.gnome.org/GNOME/libxml2/-/work_items/1058", "tags": ["issue-tracking"]}], "descriptions": [{"lang": "en", "value": "Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper entity resolution handling."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use after free"}, {"lang": "en", "type": "CWE", "cweId": "CWE-611", "description": "CWE-611 Improper Restriction of XML External Entity Processing"}]}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2026-06-22T12:40:31.424Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6653", "state": "PUBLISHED", "dateUpdated": "2026-06-22T15:51:11.554Z", "dateReserved": "2026-04-20T06:37:45.271Z", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "datePublished": "2026-06-22T12:40:31.424Z", "assignerShortName": "canonical"}, "dataVersion": "5.2"}

{}

{"bugzilla": {"description": "libxml2: mingw-libxml2: libxml2: Denial of Service via crafted XML input due to use-after-free", "id": "2491354", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491354"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper entity resolution handling.", "A flaw was found in libxml2. A remote attacker can exploit a use-after-free vulnerability in the `xmlParseInternalSubset` function by providing maliciously crafted XML input. This improper handling of entity resolution can lead to a denial-of-service (DoS), making the affected system or application unavailable."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.\nUpdating to a fixed version of libxml2 (2.11.0 or later upstream, or a future RHEL errata) will fully resolve this issue."}, "name": "CVE-2026-6653", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "libxml2", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libxml2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libxml2", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "libxml2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "libxml2", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Not affected", "package_name": "libxml2", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-06-22T12:40:31Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-6653\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-6653\nhttps://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/2141260\nhttps://gitlab.gnome.org/GNOME/libxml2/-/work_items/1058"], "statement": "This Moderate impact use-after-free vulnerability in libxml2 can lead to a denial of service in Red Hat products that process untrusted XML input. In the worst-case scenario, a remote attacker is able to provide specially crafted XML, which, if parsed by an affected application, could cause the application to crash.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2.9.11,2.11.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "libxml2", "source": "cna", "vendor": "GNOME"}, "product": "libxml2", "vendor": "gnome"}], "created": "2026-06-22T14:45:05.434280+00:00", "updated": "2026-06-22T15:45:03.680593+00:00", "vendors": ["gnome", "gnome$PRODUCT$libxml2"]}