xmlsoft security advisories
3 threat alerts tracking vulnerabilities and security advisories that affect xmlsoft products.
Vulnios monitors xmlsoft CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent xmlsoft security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2026-6653 — xmlsoft — libxml2
Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper ent
criticalCVE-2026-6653Critical Vulnerability: CVE-2017-16931 — xmlsoft — libxml2
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
criticalCVE-2017-16931Critical Vulnerability: CVE-2017-8872 — xmlsoft — libxml2
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.
criticalCVE-2017-8872
Track xmlsoft exposure across your environment
Vulnios automatically cross-references your asset inventory against new xmlsoft CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan