CVE-2026-6732— Libxml2: libxml2: denial of service via crafted xsd-validated document
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-6732
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Libxml2: libxml2: denial of service via crafted xsd-validated document
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用不兼容类型访问资源(类型混淆)
Source: NVD (National Vulnerability Database)
Vulnerability Title
libxml2 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
libxml2是GNOME开源的一个用来解析XML文档的函数库。它用C语言写成,并且能为多种语言所调用,例如C语言,C++,XSH。 libxml2存在安全漏洞,该漏洞源于处理特制XML Schema定义文档时出现类型混淆错误,可能导致应用程序崩溃,从而造成拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat Hardened Images | 2.15.3-0.1.hum1 ~ * | cpe:/a:redhat:hummingbird:1 | |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 | |
| Red Hat | Red Hat Enterprise Linux 6 | - | cpe:/o:redhat:enterprise_linux:6 | |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 | |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 | |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 | |
| Red Hat | Red Hat JBoss Core Services | - | cpe:/a:redhat:jboss_core_services:1 | |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
II. Public POCs for CVE-2026-6732
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-6732
请登录查看更多情报信息。
- 2461300 – (CVE-2026-6732) CVE-2026-6732 libxml2: libxml2: Denial of Service via crafted XSD-validated documentissue-trackingx_refsource_REDHAT
- https://nvd.nist.gov/vuln/detail/CVE-2026-6732
Same Patch Batch · Red Hat · 2026-04-23 · 6 CVEs total
| CVE-2026-34003 | 7.8 HIGH | Xorg: xwayland: x.org x server: information exposure and denial of service via out-of-boun |
| CVE-2026-34001 | 7.8 HIGH | Xorg: xwayland: x.org x server: use-after-free vulnerability leads to server crash and pot |
| CVE-2026-33999 | 7.8 HIGH | Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibili |
| CVE-2025-66286 | 4.7 MEDIUM | Webkitgtk: authorization bypass through webpage::send-request signal handler |
| CVE-2026-2708 | 3.7 LOW | Libsoup: libsoup: http request smuggling via duplicate content-length headers |
IV. Related Vulnerabilities
Same product: Red Hat Hardened Images
- CVE-2026-33846
Gnutls: gnutls: denial of service via heap buffer overflow i - CVE-2026-1584
Gnutls: gnutls: remote denial of service via crafted clienth - CVE-2025-14821
Libssh: libssh: insecure default configuration leads to loca - CVE-2026-5745
Libarchive: a null pointer dereference vulnerability exists - CVE-2026-3184
Util-linux: util-linux: access control bypass due to imprope
Same vendor: Red Hat
- CVE-2026-42011
Gnutls: gnutls: security bypass due to incorrect name constr - CVE-2026-42010
Gnutls: gnutls: authentication bypass via nul character in u - CVE-2026-6420
Keylime: keylime: security bypass due to hardcoded tpm quote - CVE-2026-34956
Openvswitch: open vswitch: denial of service via malformed f - CVE-2026-34002
Xorg: xwayland: x.org x server: information disclosure or de
V. Comments for CVE-2026-6732
No comments yet