CVE-2026-56405: libexpat before 2.8.2 has an integer overflow in getAttributeId.

Overview

Severity

Medium (CVSS 6.9)

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Exploit Status

Not Exploited

Patch Tuesday

2026-Jun

Released

2026-06-27

Last Updated

2026-06-28

EPSS Score

0.10% (percentile: 1.2%)

Affected Products (5)

Open Source Software

• azl3 expat 2.6.4-6 on Azure Linux 3.0
• azl3 python3 3.12.9-11 on Azure Linux 3.0
• azl3 cmake 3.30.3-13 on Azure Linux 3.0

Other

• 21491-17084
• 21492-17084

Revision History

• 2026-06-27: Information published.
• 2026-06-28: Information published.