CVE-2026-5037 mxml mxmlIndexNew mxml-index.c index_sort stack-based overflow

🗓️ 29 Mar 2026 08:45:11Reported by VulDBType

CVE-2026-5037: mxml up to 4.0.4 index_sort stack overflow; local exploit; patch.

Reporter	Title	Published	Views	Family All 14
ATTACKERKB	CVE-2026-5037	29 Mar 202608:45	–	attackerkb
CNNVD	mxml 安全漏洞	29 Mar 202600:00	–	cnnvd
CVE	CVE-2026-5037	29 Mar 202608:45	–	cve
Debian CVE	CVE-2026-5037	29 Mar 202608:45	–	debiancve
EUVD	EUVD-2026-16983	29 Mar 202609:30	–	euvd
NVD	CVE-2026-5037	29 Mar 202609:15	–	nvd
OSV	DEBIAN-CVE-2026-5037	29 Mar 202609:15	–	osv
OSV	OESA-2026-1860 mxml security update	11 Apr 202614:03	–	osv
OSV	UBUNTU-CVE-2026-5037	29 Mar 202609:15	–	osv
Positive Technologies	PT-2026-28748	1 Jan 202600:00	–	ptsecurity

[
  {
    "vendor": "n/a",
    "product": "mxml",
    "versions": [
      {
        "version": "4.0.0",
        "status": "affected"
      },
      {
        "version": "4.0.1",
        "status": "affected"
      },
      {
        "version": "4.0.2",
        "status": "affected"
      },
      {
        "version": "4.0.3",
        "status": "affected"
      },
      {
        "version": "4.0.4",
        "status": "affected"
      }
    ],
    "modules": [
      "mxmlIndexNew"
    ]
  }
]

Source	Link
github	www.github.com/michaelrsweet/mxml/commit/6e27354466092a1ac65601e01ce6708710bb9fa5
vuldb	www.vuldb.com/vuln/353963
vuldb	www.vuldb.com/vuln/353963/cti
github	www.github.com/michaelrsweet/mxml/issues/350
vuldb	www.vuldb.com/submit/778638
github	www.github.com/michaelrsweet/mxml/issues/350
github	www.github.com/user-attachments/files/25934383/1.xml

29 Mar 2026 08:45Current

CVSS 21.7

CVSS 3.13.3

CVSS 33.3

CVSS 44.8

EPSS0.0002