Lucene search
K

Linux Distros Unpatched Vulnerability : CVE-2026-11979

🗓️ 30 Jun 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 3 Views

Linux libxml2 unpatched CVE-2026-11979 in xmlcatalog shell mode may crash or allow code execution.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-11979
29 Jun 202613:21
attackerkb
AlpineLinux
CVE-2026-11979
29 Jun 202613:21
alpinelinux
Circl
CVE-2026-11979
29 Jun 202615:57
circl
CVE
CVE-2026-11979
29 Jun 202613:21
cve
Cvelist
CVE-2026-11979 Stack-Based Buffer Overflow in libxml2
29 Jun 202613:21
cvelist
Debian CVE
CVE-2026-11979
29 Jun 202613:21
debiancve
EUVD
EUVD-2026-40092
29 Jun 202613:21
euvd
NVD
CVE-2026-11979
29 Jun 202614:16
nvd
OSV
DEBIAN-CVE-2026-11979
29 Jun 202614:16
osv
OSV
ECHO-EB03-65DA-1E8C
30 Jun 202608:28
osv
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(323767);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/30");

  script_cve_id("CVE-2026-11979");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2026-11979");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in
    --shell mode. The usershell() function processes user input using fixed-size stack buffers without proper
    bounds checking. By supplying an overly long input line, an attacker can overflow internal buffers
    (command, arg, and argv) during input parsing. This results in memory corruption within the stack frame.
    Successful exploitation may cause a crash or potentially allow arbitrary code execution in the context of
    the xmlcatalog process. This issue has been fixed in the commit c2e233fc. NOTE: The maintainers of this
    project did not agree that this issue is a vulnerability and considered it a bug. (CVE-2026-11979)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-11979");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:L/SI:L/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-11979");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:13.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:14.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxml2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Debian Linux-11", "Host/OS/Debian Linux-12", "Host/OS/Debian Linux-13", "Host/OS/Debian Linux-14");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Debian Linux-12": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "12",
        "pkgs": [
          {"reference": "libxml2"},
          {"reference": "libxml2-dev"},
          {"reference": "libxml2-doc"},
          {"reference": "libxml2-utils"},
          {"reference": "python3-libxml2"}
        ]
      }
    ]
  },
  "Debian Linux-13": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "13",
        "pkgs": [
          {"reference": "libxml2"},
          {"reference": "libxml2-dev"},
          {"reference": "libxml2-doc"},
          {"reference": "libxml2-utils"},
          {"reference": "python3-libxml2"}
        ]
      }
    ]
  },
  "Debian Linux-11": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "11",
        "pkgs": [
          {"reference": "libxml2"},
          {"reference": "libxml2-dev"},
          {"reference": "libxml2-doc"},
          {"reference": "libxml2-utils"},
          {"reference": "python3-libxml2"},
          {"reference": "python3-libxml2-dbg"}
        ]
      }
    ]
  },
  "Debian Linux-14": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "14",
        "pkgs": [
          {"reference": "libxml2-16"},
          {"reference": "libxml2-dev"},
          {"reference": "libxml2-doc"},
          {"reference": "libxml2-source"},
          {"reference": "libxml2-utils"},
          {"reference": "python3-libxml2"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

30 Jun 2026 00:00Current
6.7Medium risk
Vulners AI Score6.7
CVSS 3.17.8
CVSS 41.8
EPSS0.00148
SSVC
3