PT-2026-38849

🗓️ 08 May 2026 00:00:00Reported by Positive TechnologiesType

ptsecurity

ptsecurity🔗 dbugs.ptsecurity.com👁 9 Views

Use-after-free in libxslt numbers.c before 1.1.43 from nested XPath evals not restoring context node.

Reporter	Title	Published	Views	Family All 259
IBM Security Bulletins	Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization	5 Jun 202512:51	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates	12 May 202517:40	–	ibm
FreeBSD	libxslt -- multiple vulnerabilities	13 Mar 202500:00	–	freebsd
Tenable Nessus	Amazon Linux 2023 : libxslt, libxslt-devel, python3-libxslt (ALAS2023-2025-909)	1 Apr 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2 : libxslt (ALAS-2025-2823)	17 Apr 202500:00	–	nessus
Tenable Nessus	Amazon Linux AMI : libxslt (ALAS-2025-1968)	22 Apr 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0054: libxslt (ALINUX3-SA-2025:0054)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : libxslt (ALSA-2025:3107)	25 Mar 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : libxslt (ALSA-2025:3615)	7 Apr 202500:00	–	nessus
Tenable Nessus	Apple TV < 18.3 Multiple Vulnerabilities (122072)	13 Feb 202600:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-24855
osv	www.osv.dev/vulnerability/BIT-jre-2025-24855
gitlab	www.gitlab.gnome.org/GNOME/libxslt/-/issues/128
lists	www.lists.debian.org/debian-lts-announce/2025/03/msg00015.html

08 May 2026 00:00Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.17.8

EPSS0.00087

SSVC

Libxslt Use after free Nested path evaluations Context node restoration Version 1.1.43