CVE-2026-1757: Missing Release of Memory after Effective Lifetime in Libxml2

Severity
6.2 MEDIUM (NVD)
EPSS
0.0%
top 99.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 2

Description

A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service conditio

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.5 | Impact: 3.6

Affected Packages (2 packages)

debian | debian/libxml2 | < libxml2 2.15.2+dfsg-0.1 (forky)
Debian | xmlsoft/libxml2 | < 2.15.2+dfsg-0.1

🔴 Vulnerability Details (2)

OSV
CVE-2026-1757: A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not prope (2026-02-02)
GHSA
GHSA-7qq5-wfv8-hvvh: A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not prope (2026-02-02)

📋 Vendor Advisories (2)

Red Hat
libxml2: Memory Leak Leading to Local Denial of Service in xmllint Interactive Shell (2026-02-02)
Debian
CVE-2026-1757: libxml2 - A flaw was identified in the interactive shell of the xmllint utility, part of t... (2026)

🕵️ Threat Intelligence (1)

Wiz
CVE-2026-1757 Impact, Exploitability, and Mitigation Steps | Wiz