
CVE-2026-6732

Libxml2: libxml2: denial of service via crafted xsd-validated document

Published: 4/23/2026
Last updated: 4/30/2026
Reserved: 4/20/2026

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749)
Requested by: n/a

Metrics

| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.5 | Medium | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |

Opam packages affected (5)

bap-llvm, conf-gtksourceview, conf-gtksourceview3, conf-librsvg2, lablgtk3-gtkspell3

Products affected (16)

| Product | Vendor | Version |
|---|---|---|
| Red Hat Enterprise Linux 8 | Red Hat | 8u131 |
| Red Hat Enterprise Linux 9 | Red Hat | Kernel-3.10 |
| Red Hat Enterprise Linux 6 | Red Hat | 10.1.1.0 |
| Red Hat Enterprise Linux 7 | Red Hat | Google Chrome prior to 63.0.3239.84 unknown |
| Red Hat Enterprise Linux 8 | Red Hat | 5.4.0.x |
| Red Hat Enterprise Linux 9 | Red Hat | 5.4.1.x |
| Red Hat JBoss Core Services | Red Hat | 5.4.2.x |
| Red Hat JBoss Core Services | Red Hat | Eariler than VKY-AL00C00B123 verisons,Earlier than VTR-AL00C00B123 versions |
| Red Hat Enterprise Linux 10 | Red Hat | 10.1.0.0 |
| Red Hat Enterprise Linux 10 | Red Hat | 8.7 |
| Red Hat Enterprise Linux 6 | Red Hat | n/a |
| Red Hat Enterprise Linux 7 | Red Hat | Java SE: 6u151 |
| Red Hat Hardened Images | Red Hat | 10.0.4.0 |
| Red Hat Hardened Images | Red Hat | Community and Enterprise editions prior to v10.70 |
| Red Hat OpenShift Container Platform 4 | Red Hat | 5.4.3.x |
| Red Hat OpenShift Container Platform 4 | Red Hat | n/a |

References (10)

Credits (2)