libxml2 XSD Internal Entity Type-Confusion DoS
CVE-2026-6732 Published on April 23, 2026
Libxml2: libxml2: denial of service via crafted xsd-validated document
A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.
Vulnerability Analysis
Timeline
Reported to Red Hat.
Made public.
Weakness Type
What is an Object Type Confusion Vulnerability?
The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
CVE-2026-6732 has been classified as an Object Type Confusion vulnerability or weakness.
Products Associated with CVE-2026-6732