216.73.217.98

CVE-2026-29079

· Published 13/03/2026 19:54 · Modified 13/03/2026 19:54

Labels: CVE-2026-29079 2026-03-13CVE-2026-29079CWE-843[email protected]

Essential information

Published
13/03/2026 19:54
Modified
13/03/2026 19:54
Author
Creator
CVSS
8.2 HIGH (v3) 8.2 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Lexbor is a web browser engine library. Prior to 2.7.0, a type‑confusion vulnerability exists in Lexbor’s HTML fragment parser. When ns = UNDEF, a comment is created using the “unknown element” constructor. The comment’s data are written into the element’s fields via an unsafe cast, corrupting the qualified_name field. That corrupted value is later used as a pointer and dereferenced near the zero page. This vulnerability is fixed in 2.7.0.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
lexbor / lexbor cpe:2.3:a:lexbor:lexbor:<2.7.0:*:*:*:*:*:*:*

References