Question 1

What is CVE-2026-56132 — CVE-2026-56132?

Accepted Answer

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.

Question 2

What is the authoritative source for CVE-2026-56132?

Accepted Answer

CVE-2026-56132 (CVE-2026-56132) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVSS	6.9 ()
Vector	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Last modified	2026-06-19

CVE-2026-56132CVE-2026-56132

Description

Scoring