ID:12787 - Exploit for Use-after-free in libyang
Published: July 1, 2026
Vulnerability identifier: #VU136053
Vulnerability risk: High
CVE-ID: N/A
CWE-ID: CWE-416
Exploitation vector: Remote access
Vulnerable software:
libyang
libyang
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the "lyd_validate_unres", "lyd_validate_unres_when" and "lyd_validate_autodel_node_del" functions. A remote attacker can execute arbitrary code on the target system.
Remediation
Install updates from vendor's website.