216.73.217.98

CVE-2026-1757

· Published 02/02/2026 13:15 · Modified 03/02/2026 16:44

Labels: CVE-2026-1757 2026-02-02CVE-2026-1757CWE-401[email protected]

Essential information

Published
02/02/2026 13:15
Modified
03/02/2026 16:44
Author
Creator
CVSS
6.2 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
gnome / libxml2 cpe:2.3:a:gnome:libxml2:*:*:*:*:*:*:*:*
gnome / xmllint cpe:2.3:a:gnome:xmllint:*:*:*:*:*:*:*:*

References