CVE-2026-24515

CVSS Score & Metrics

Base Score

2.9 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L                                    

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.

Published Date

January 23, 2026

Last Modified

January 30, 2026

CWE ID

CWE-476

Source

NVD

Vendor

libexpat project

Product

libexpat