libxml2 DoS Vulnerability, CVSS 6.5, Medium
Summary
A medium-severity denial-of-service vulnerability has been identified in Open Source libxml2 version 2.13.0 and later. An attacker in an adjacent network can exploit this vulnerability to conduct a denial-of-service attack. The vulnerability has a CVSS base score of 6.5 and temporal score of 5.9. CERT-Bund confirms that mitigations are available. The affected platforms include UNIX, Windows, and other operating systems.
“Ein Angreifer aus einem angrenzenden Netzwerk kann eine Schwachstelle in libxml2 ausnutzen, um einen Denial of Service Angriff durchzuführen.”
Organisations using libxml2 should audit their software stacks for version 2.13.0 or later and apply the available mitigations as a priority, given the adjacent-network attack vector and confirmed DoS exploitability. Patch management processes should be updated to track libxml2 security advisories.
About this source
CERT-Bund is the German federal cybersecurity agency's incident response team, run by the BSI. Their advisory feed publishes vulnerability disclosures and active exploitation warnings for software in widespread enterprise use: VPN appliances, email servers, file transfer products, ERP systems, browsers, hypervisors. Around 280 advisories a month, each with a CVSS score, affected versions, and remediation guidance. The advisories are written in German but cover the same vulnerabilities that show up in CISA, NCSC-UK, and JPCERT bulletins, often hours earlier. Watch this if you patch enterprise software, run a SOC, or write detection rules. GovPing publishes each advisory with the affected vendor, CVSS score, and original CERT-Bund link.
What changed
CERT-Bund published a security advisory detailing a denial-of-service vulnerability in Open Source libxml2. The vulnerability affects all versions from 2.13.0 onwards on UNIX, Windows, and other platforms. The CVSS base score is 6.5 (medium) with a temporal score of 5.9. A remote attack from an adjacent network is possible.
Affected organisations should identify systems running libxml2 version 2.13.0 or later and apply available mitigations to prevent denial-of-service attacks. As this is a widely-used XML parsing library, the vulnerability may affect multiple software applications and services that depend on it.
Archived snapshot
Apr 24, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
[WID-SEC-2026-1257] libxml2: Schwachstelle ermöglicht Denial of Service CVSS Base Score 6.5 (mittel) CVSS Temporal Score 5.9 (mittel) Remoteangriff ja Datum 23.04.2026 Stand 24.04.2026 Mitigation ja
Betroffene Systeme
Betriebssystem
- Sonstiges
- UNIX
- Windows
Produktbeschreibung
libxml ist ein C Parser und Toolkit, welches für das Gnome Projekt entwickelt wurde.
Produkte
23.04.2026
- Open Source libxml2 >=2.13.0
Angriff
Angriff
Ein Angreifer aus einem angrenzenden Netzwerk kann eine Schwachstelle in libxml2 ausnutzen, um einen Denial of Service Angriff durchzuführen. CVE Informationen Versionshistorie Feedback zum Advisory geben
Related changes
Get daily alerts for CERT-Bund Security Advisories
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
Source
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from CERT-Bund.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when CERT-Bund Security Advisories publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.