2703 matches found
fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names
Summary: A dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities (&lt;, &gt;, &amp;, &quot;, &apos;) with arbitrary values. This bypasses entity encoding and leads to...
5-ifc-check-cli (=1.0.0), 7ghost (>=4.11.2 <=4.11.46) +3858 more potentially affected by CVE-2026-25896 via fast-xml-parser (>=4.1.3 <=4.5.3)
fast-xml-parser NPM version =4.1.3, =4.11.2, =0.1.1, =0.0.2, =1.0.1, =1.0.0, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =0.0.3 and more Source cves: CVE-2026-25896 Source advisory: SNYK:JS-FASTXMLPARSER-15324289...
com.codbex.atlas:codbex-atlas-application (>=2.62.0 <=2.107.0), com.codbex.gaia:codbex-gaia-application (>=2.61.0 <=2.64.0) +22 more potentially affected by CVE-2026-25896 via org.webjars.npm:fast-xml-parser (>=4.5.3 <=5.2.5)
org.webjars.npm:fast-xml-parser MAVEN version =4.5.3, =2.62.0, =2.61.0, =2.52.0, =2.52.0, =2.51.0, =2.51.0, =3.6.0, =2.50.0, =5.0.0, =5.0.0, =11.58.0, =12.2.0, =11.58.0, =11.58.0, =11.48.2, =12.1.0 and more Source cves: CVE-2026-25896 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15324290...
Incorrect Regular Expression
Overview: fast-xml-parser is a library to validate XML, parse XML, and build XML without C/C++ based libraries. Affected versions of this package are vulnerable to Incorrect Regular Expression in the entity parsing RegEx in DOCTYPE declarations. An attacker can inject arbitrary values that override built-in XML...
@activepieces/piece-amazon-s3 (>=0.5.4 <=0.5.8), @activepieces/piece-amazon-ses (>=0.0.1 <=0.1.3) +1099 more potentially affected by CVE-2026-25896 via fast-xml-parser (>=5.0.1 <=5.3.4)
fast-xml-parser NPM version =5.0.1, =0.5.4, =0.0.1, =13.1.4, =1.0.0, =1.9.12, =1.0.3, =1.1.31, =1.0.0, =1.7.16, =2.33.6, =1.4.37, =1.6.11, =1.6.22 and more Source cves: CVE-2026-25896 Source advisory: SNYK:JS-FASTXMLPARSER-15324289...
5-ifc-check-cli (=1.0.0), 7ghost (>=4.11.2 <=4.11.46) +3858 more potentially affected by CVE-2026-25896 via fast-xml-parser (>=4.1.3 <=4.5.3)
fast-xml-parser NPM version =4.1.3, =4.11.2, =0.1.1, =0.0.2, =1.0.1, =1.0.0, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =0.0.3 and more Source cves: CVE-2026-25896 Source advisory: OSV:GHSA-M7JM-9GC2-MPF2...
fast-xml-parser security vulnerability
fast-xml-parser is an open-source library developed by Natural Intelligence. It is used for quickly validating, parsing, and processing XML files without relying on C/C++-based libraries or callbacks. There were security vulnerabilities in versions 4.1.3 to 5.3.5 of fast-xml-parser, where the dot...
PT-2026-21298
Name of the Vulnerable Software and Affected Versions: fast-xml-parser versions 4.1.3 through 5.3.5. Description: fast-xml-parser has a flaw in how it handles DOCTYPE entity names during XML parsing. Specifically, a dot (.) within an entity name is treated as a regex wildcard during entity replacement...
CVE-2026-26278
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible ...
UBUNTU-CVE-2026-26278
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible ...
CVE-2026-26278 fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit)
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible ...
CVE-2026-26278
CVE-2026-26278 affects the fast-xml-parser library. In versions 4.1.3 through 5.3.5, the XML parser could be forced into unbounded entity expansion, causing a single small XML input to consume seconds/minutes of CPU time and freeze the app. The issue is resolved in version 5.3.6. A workaround is ...
fast-xml-parser security vulnerability
fast-xml-parser is an open-source library developed by Natural Intelligence. It is used for quickly validating, parsing, and processing XML files without relying on C/C++-based libraries or callbacks. Fast-xml-parser versions 5.3.5 and earlier contain security vulnerabilities. These vulnerabiliti...
Linux Distros Unpatched Vulnerability : CVE-2026-26278
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1...
AIX (IJ57282)
The version of AIX installed on the remote host is prior to APAR IJ57282. It is, therefore, affected by a vulnerability as referenced in the IJ57282 advisory. - A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function...