Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-57436— Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type

AI Predicted 4.3 Difficulty: Moderate EPSS 0.31% · P23

Possible ATT&CK Techniques 1AI

T1203 · Exploitation for Client Execution

Affected Version Matrix 1

VendorProductVersion RangeStatus
sparklemotionnokogiri< 1.19.4affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-57436

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type
Source: NVD (National Vulnerability Database)
Vulnerability Description
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Document#root= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage collection or finalization, leading to an invalid memory read or potentially a segfault. This vulnerability is fixed in 1.19.4.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
释放后使用
Source: NVD (National Vulnerability Database)
Vulnerability Title
Sparkle Motion Nokogiri 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Sparkle Motion Nokogiri是Sparkle Motion个人开发者的一个HTML、XML和SAX解析库。 Sparkle Motion Nokogiri 1.19.4之前版本存在资源管理错误漏洞,该漏洞源于在设置文档根节点时验证不足,导致垃圾回收或终止期间出现堆释放后重用,可能导致无效内存读取或段错误。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
sparklemotionnokogiri < 1.19.4 -

II. Public POCs for CVE-2026-57436

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-57436

登录查看更多情报信息。

Vendor Advisories for CVE-2026-57436 (1)

Same Patch Batch · sparklemotion · 2026-06-25 · 8 CVEs total

CVE-2026-572342.6 LOWNokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-20
CVE-2026-57438Nokogiri: Possible Use-After-Free in XInclude Processing
CVE-2026-57236Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an excep
CVE-2026-57437Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond
CVE-2026-57235Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`
CVE-2026-57435Nokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr
CVE-2026-57434Nokogiri: Null Pointer Dereference calling methods on uninitialized wrapper classes

IV. Related Vulnerabilities

V. Comments for CVE-2026-57436

No comments yet


Leave a comment