{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2026-32776", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-03-16T06:54:19.802Z", "datePublished": "2026-03-16T06:54:20.318Z", "dateUpdated": "2026-03-16T14:58:38.710Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "libexpat", "vendor": "libexpat project", "versions": [{"lessThan": "2.7.5", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-16T07:12:53.623Z"}, "references": [{"url": "https://github.com/libexpat/libexpat/pull/1158"}, {"url": "https://github.com/libexpat/libexpat/pull/1159"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.7.5"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-16T14:58:32.064137Z", "id": "CVE-2026-32776", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T14:58:38.710Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32776", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T14:58:32.064137Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T14:58:35.221Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}}], "affected": [{"vendor": "libexpat project", "product": "libexpat", "versions": [{"status": "affected", "version": "0", "lessThan": "2.7.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/libexpat/libexpat/pull/1158"}, {"url": "https://github.com/libexpat/libexpat/pull/1159"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2.7.5"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-16T07:12:53.623Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32776", "state": "PUBLISHED", "dateUpdated": "2026-03-16T14:58:38.710Z", "dateReserved": "2026-03-16T06:54:19.802Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-16T06:54:20.318Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE95FCA4-11DD-4E66-8259-4884F323D57B", "versionEndExcluding": "2.7.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content."}], "id": "CVE-2026-32776", "lastModified": "2026-03-17T15:52:09.023", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-16T14:19:44.600", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/libexpat/libexpat/pull/1158"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/libexpat/libexpat/pull/1159"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "cve@mitre.org", "type": "Primary"}]}

{"bugzilla": {"description": "libexpat: libexpat: Denial of Service due to NULL pointer dereference", "id": "2447888", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447888"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL pointer dereference, causing the application to crash and resulting in a Denial of Service (DoS)."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-32776", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "compat-expat1", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "mingw-expat", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-16T06:54:20Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-32776\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-32776\nhttps://github.com/libexpat/libexpat/pull/1158\nhttps://github.com/libexpat/libexpat/pull/1159"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.7.5)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "libexpat", "vendor": "libexpat_project"}], "analysis": {"en": {"generated_at": "2026-03-17T01:23:22.299025+00:00", "value": {"mitigation_remediation": ["Upgrade libexpat to version 2.7.5 or later.", "Verify that XML parsing applications no longer use empty external parameter entities or validate incoming XML data.", "Monitor logs for unexpected crashes and apply additional isolation or input filtering as a temporary mitigation."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The affected vendor is the libexpat project. All builds of libexpat prior to version 2.7.5 contain the vulnerability. Any operating system or application that ships a pre\u20112.7.5 copy of libexpat or links against it could be impacted.", "description_and_impact": "libexpat before 2.7.5 can dereference a NULL pointer when parsing XML documents that contain an empty external parameter entity. This dereference causes the library, and therefore the calling application, to crash, resulting in a denial of service for that service. The vulnerability can be exploited by supplying a crafted XML payload to any process that uses the affected libexpat version.", "risk_and_exploitability": "The CVSS score is 4, indicating low to medium severity. The EPSS score is below 1%, suggesting a low likelihood of exploitation in the wild, and the vulnerability is not listed in CISA\u2019s KEV catalog. The attack vector requires the ability to supply crafted XML; if the library is used by a network\u2011exposed service, remote attackers could trigger the crash, otherwise local attackers can exploit local processes that parse XML."}}}}, "created": "2026-03-17T09:53:14.336860+00:00", "updated": "2026-03-24T10:45:40.207155+00:00", "vendors": ["libexpat_project", "libexpat_project$PRODUCT$libexpat"]}