Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Expat XML Parsing Security Error: Data Exposure
SUSE-SU-2026:0826-1
Summary
The expat library, used for parsing XML files, has been updated to fix security issues that could allow an attacker to access sensitive information or cause a system to crash. This update is available for Linux systems and is recommended to ensure the security of your system. Apply the update to your system as soon as possible.
What to do
- Update expat to version 2.7.1-150400.3.34.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | expat | <= 2.7.1-150400.3.34.1 | 2.7.1-150400.3.34.1 |
| – | expat | <= 2.7.1-150400.3.34.1 | 2.7.1-150400.3.34.1 |
| – | expat | <= 2.7.1-150400.3.34.1 | 2.7.1-150400.3.34.1 |
| – | expat | <= 2.7.1-150400.3.34.1 | 2.7.1-150400.3.34.1 |
Original title
Security update for expat
Original description
This update for expat fixes the following issues:
- CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144)
- CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496)
- CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144)
- CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496)
- https://www.suse.com/support/update/announcement/2026/suse-su-20260826-1/ Vendor Advisory
- https://bugzilla.suse.com/1257144 Third Party Advisory
- https://bugzilla.suse.com/1257496 Third Party Advisory
- https://www.suse.com/security/cve/CVE-2026-24515 URL
- https://www.suse.com/security/cve/CVE-2026-25210 URL
Published: 5 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026