Use-After-Free in libxml2 xmlParseInternalSubset (2.9.11 to 2.11.0)
CVE-2026-6653 Published on June 22, 2026
libxml2: Use after free in xmlParseInternalSubset via improper entity resolution handling
A use-after-free in xmlParseInternalSubset in GNOME libxml2, from version 2.9.11 to 2.11.0, allows a remote attacker to cause a denial of service via maliciously crafted XML input, due to improper entity resolution handling.
Weakness Types
What is a Dangling pointer Vulnerability?
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
CVE-2026-6653 has been classified as a Dangling pointer vulnerability or weakness.
What is an XXE Vulnerability?
The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
CVE-2026-6653 has been classified as an XXE vulnerability or weakness.
Affected Versions
GNOME libxml2: versions 2.9.11 and later, below 2.11.0, are affected.