CVE-2026-6732

Name: CVE-2026-6732
Creator: NVD / NIST
Published: 2026-04-23T23:16:16.443+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 0.63%

Last modified Jun 17, 2026

CVE-2026-6732 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. EPSS estimates a 0.63% chance of exploitation in the next 30 days.

Description

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

0.63%

45.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-843

Affected Software

Vendor	Product	Versions
Xmlsoft	Libxml2	>= 2.13.0, < 2.15.3
Redhat	Hardened Images	All versions
Redhat	Jboss Core Services	All versions
Redhat	Openshift Container Platform	4.0
Redhat	Enterprise Linux	6.0
Redhat	Enterprise Linux	7.0
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux	9.0
Redhat	Enterprise Linux	10.0

References

https://access.redhat.com/errata/RHSA-2026:11503Third Party Advisory
https://access.redhat.com/security/cve/CVE-2026-6732Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2461300Issue Tracking, Third Party Advisory
https://gitlab.gnome.org/GNOME/libxml2/-/issues/1097Exploit, Issue Tracking, Third Party Advisory
https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/411Issue Tracking, Third Party Advisory

Timeline

Published: Apr 23, 2026
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2026-6732?

How severe is CVE-2026-6732?

CVE-2026-6732 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.63% probability of exploitation in the next 30 days.

How do I fix CVE-2026-6732?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-6732?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST