CVE-2026-5037
mxml mxmlIndexNew mxml-index.c index_sort stack-based overflow
CVSS Score
3.3
EPSS Score
0.0%
EPSS Percentile
2th
A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called 6e27354466092a1ac65601e01ce6708710bb9fa5. A patch should be applied to remediate this issue.
| CWE | CWE-121 CWE-119 |
| Vendor | n/a |
| Product | mxml |
| Published | Mar 29, 2026 |
| Last Updated | Apr 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a mxml
Be the first to know when new low vulnerabilities affecting n/a mxml are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / mxml
4.0.0 4.0.1 4.0.2 4.0.3 4.0.4
References
vuldb.com: https://vuldb.com/vuln/353963 vuldb.com: https://vuldb.com/vuln/353963/cti vuldb.com: https://vuldb.com/submit/778638 github.com: https://github.com/michaelrsweet/mxml/issues/350 github.com: https://github.com/michaelrsweet/mxml/issues/350#issuecomment-4051317229 github.com: https://github.com/user-attachments/files/25934383/1.xml github.com: https://github.com/michaelrsweet/mxml/commit/6e27354466092a1ac65601e01ce6708710bb9fa5
Credits
๐ MTHG (VulDB User)