CVE-2026-6653

Severity CVSS v4.0:
HIGH
Type:
CWE-416 Use After Free
Publication date:
22/06/2026
Last modified:
14/07/2026

Description

Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper entity resolution handling.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:* 2.9.11 (including) 2.11.0 (including)