CVE-2026-25210 MEDIUM

CVE-2026-25210

Vendor Libexpat Project
Product libexpat
Weakness CWE-190
Published January 30, 2026
Last update June 2, 2026

CVSS base score

6.9/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

What the vulnerability does

01Description

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.

Key dates

02Disclosure timeline

January 30, 2026 CVE published
June 2, 2026 Record updated