DEBIAN-CVE-2026-6732

DEBIAN-CVE-2026-6732 PUBLISHED CVSS 7.5 HIGH

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:14	libxml2	2.14.3+dfsg, 2.14.4+dfsg, 2.14.5+dfsg
Debian:12	libxml2	2.9.14+dfsg-1.3~deb12u4, 2.9.14+dfsg-1.3~deb12u3, 2.9.14+dfsg-1.3~deb12u2
Debian:11	libxml2	2.9.14+dfsg, 2.12.3+dfsg-0exp1, 2.12.5+dfsg-0exp1
Debian:13	libxml2	2.15.2+dfsg, 2.15.1+dfsg, 2.15.1+dfsg

Exploit Intelligence

seen_cves.json (github-poc)
.trivyignore.yml (github-poc)
.trivyignore.yml (github-poc)
TestCommand.yaml (github-poc)

Timeline

Apr 23, 2026 CVE Published
May 6, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2026-6732 advisory

Open in Interactive Console →