AZL-76340 CVE-2026-25210 affecting package expat for versions less than 2.6.4-4

🗓️ 30 Jan 2026 07:16:15Reported by GoogleType

osv🔗 osv.dev👁 2 Views

Expat vulnerability pre 2.6.4-4 and libexpat pre 2.7.4 due to missing overflow check in doContent.

Reporter	Title	Published	Views	Family All 176
FreeBSD	expat -- multiple vulnerabilities	31 Jan 202600:00	–	freebsd
IBM Security Bulletins	Security Bulletin: AIX/VIOS Python is vulnerable to a null pointer dereference (CVE-2026-24515) and an integer overflow (CVE-2026-25210)	17 Mar 202622:03	–	ibm
IBM Security Bulletins	Security Bulletin: AIX/VIOS Perl is vulnerable to a null pointer dereference (CVE-2026-24515) and an integer overflow (CVE-2026-25210)	17 Mar 202622:04	–	ibm
ATTACKERKB	CVE-2026-25210	30 Jan 202606:40	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : firefox (ALAS2023-2026-1424)	19 Feb 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : expat, expat-devel, expat-static (ALAS2023-2026-1425)	19 Feb 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : expat, --advisory ALAS2-2026-3170 (ALAS-2026-3170)	19 Feb 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3171 (ALAS-2026-3171)	19 Feb 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-051 (ALASFIREFOX-2026-051)	19 Feb 202600:00	–	nessus
Tenable Nessus	FreeBSD : expat -- multiple vulnerabilities (027c6c07-065b-11f1-baae-589cfc023192)	13 Feb 202600:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-25210

21 Apr 2026 04:39Current

7.6High risk

Vulners AI Score7.6

CVSS 3.16.9 - 7.8

EPSS0.00007

SSVC