{"id":"CVE-2026-6732","summary":"Libxml2: libxml2: denial of service via crafted xsd-validated document","details":"A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.","modified":"2026-07-17T18:29:37.390684056Z","published":"2026-04-23T22:19:34.322Z","related":["SUSE-SU-2026:22596-1","SUSE-SU-2026:22636-1","openSUSE-SU-2026:21317-1"],"database_specific":{"cna_assigner":"redhat","cwe_ids":["CWE-843"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/6xxx/CVE-2026-6732.json"},"references":[{"type":"WEB","url":"https://access.redhat.com/downloads/content/package-browser/"},{"type":"WEB","url":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html"},{"type":"WEB","url":"https://catalog.redhat.com/software/containers/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:11503"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2026-6732"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/6xxx/CVE-2026-6732.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6732"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461300"},{"type":"REPORT","url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/1097"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/411"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/libxml2","events":[{"introduced":"cdd2575f7fbab1d8162600f4048bc37503c80e28"},{"fixed":"c94eb0210183b9d7cb43f8e7fddc6be55843ef49"}],"database_specific":{"source":"CPE_RANGE","cpe":"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"2.13.0"},{"fixed":"2.15.3"}]}}],"versions":["v2.15.2","v2.15.1","v2.15.0","v2.14.0","v2.13.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-6732.json"}},{"ranges":[{"type":"GIT","repo":"https://gitlab.gnome.org/gnome/libxml2","events":[{"introduced":"cdd2575f7fbab1d8162600f4048bc37503c80e28"},{"fixed":"c94eb0210183b9d7cb43f8e7fddc6be55843ef49"}],"database_specific":{"extracted_events":[{"introduced":"2.13.0"},{"fixed":"2.15.3"}],"source":"CPE_RANGE","cpe":"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*"}}],"versions":["v2.15.2","v2.15.1","v2.15.0","v2.14.0","v2.13.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-6732.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}