๐Ÿ” CVE Alert

CVE-2026-6653

UNKNOWN 0.0

libxml2: Use after free in xmlParseInternalSubset via improper entity resolution handling

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper entity resolution handling.

CWE: CWE-416, CWE-611
Vendor: gnome
Product: libxml2
Published: Jun 22, 2026
Last Updated: Jun 22, 2026

Affected Versions

GNOME / libxml2
2.9.11 < 2.11.0

References

bugs.launchpad.net: https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/2141260
gitlab.gnome.org: https://gitlab.gnome.org/GNOME/libxml2/-/work_items/1058

Credits

Geoffrey Humphreys