Skip to main content
Echelon
Graph
Product
Directory
Enterprise
Compliance
Pulse
Exposures
AI Analyst
Compare
Docs
Login
Start Free
Pulse
›
Vendor Advisories
›
Microsoft Security Response Center (MSRC)
›
CVE-2026-50219
CVE-2026-50219
Low
CVSS
4.9
libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,
Vendor
Microsoft Security Response Center (MSRC)
Published
June 9, 2026
Last Modified
—
🔗 CVE IDs covered (1)
CVE-2026-50219 →