CVE-2026-57438— Nokogiri: Possible Use-After-Free in XInclude Processing
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-57438
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nokogiri: Possible Use-After-Free in XInclude Processing
Source: NVD (National Vulnerability Database)
Vulnerability Description
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XML::Node#do_xinclude replaced each <xi:include> in place, freeing the include node along with its children (such as <xi:fallback> and its descendants) and any namespaces declared on them. If an application had already exposed one of those nodes or namespaces to Ruby, the corresponding Ruby object was left pointing at freed memory. Using the object could result in invalid reads or writes to memory. This vulnerability is fixed in 1.19.4.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
释放后使用
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| sparklemotion | nokogiri | < 1.19.4 | - |
II. Public POCs for CVE-2026-57438
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-57438
请登录查看更多情报信息。
Other References for CVE-2026-57438 (1)
Same Patch Batch · sparklemotion · 2026-06-25 · 8 CVEs total
| CVE-2026-57234 | 2.6 LOW | Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-20 |
| CVE-2026-57236 | Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an excep | |
| CVE-2026-57437 | Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond | |
| CVE-2026-57235 | Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]` | |
| CVE-2026-57436 | Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type | |
| CVE-2026-57435 | Nokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr | |
| CVE-2026-57434 | Nokogiri: Null Pointer Dereference calling methods on uninitialized wrapper classes |
IV. Related Vulnerabilities
Same product: nokogiri
- CVE-2026-57437
Nokogiri: Possible Use-After-Free when directly using `Nokog - CVE-2026-57436
Nokogiri: Possible Use-After-Free when setting `Document#roo - CVE-2026-57435
Nokogiri: Possible Use-After-Free when setting an attribute - CVE-2026-57434
Nokogiri: Null Pointer Dereference calling methods on uninit - CVE-2026-57235
Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::Nod
Same vendor: sparklemotion
- CVE-2026-57437
Nokogiri: Possible Use-After-Free when directly using `Nokog - CVE-2026-57436
Nokogiri: Possible Use-After-Free when setting `Document#roo - CVE-2026-57435
Nokogiri: Possible Use-After-Free when setting an attribute - CVE-2026-57434
Nokogiri: Null Pointer Dereference calling methods on uninit - CVE-2026-57235
Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::Nod
Same weakness: CWE-416
V. Comments for CVE-2026-57438
No comments yet