Main Vulnerability Database SB2026022038

SB2026022038 - Memory leak in libxml2 xmllint

Published: February 20, 2026

Security Bulletin ID SB2026022038

CSH Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Partial DoS

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Memory leak (CVE-ID: CVE-2026-1757)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak within the interactive shell of the xmllint utility when handling whitespaces. A remote attacker can force the application to leak memory and perform denial of service attack.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://access.redhat.com/security/cve/CVE-2026-1757
https://bugzilla.redhat.com/show_bug.cgi?id=2435940