Unbounded resource consumption in the Rust opentelemetry_sdk's BaggagePropagator::extract_with_context allows unauthenticated remote attackers to cause elevated CPU and heap allocation overhead by sending oversized W3C baggage propagation headers to any service using versions 0.32.0 or earlier. The SDK parsed the full header content before applying storage limits, meaning attacker-supplied data was processed and then discarded - wasting resources on every malicious request. A parallel design-level gap affects the Java (GHSA-rcgg-9c38-7xpx) and Go (GHSA-mh2q-q3fh-2475) OpenTelemetry SDKs, suggesting a cross-ecosystem pattern; no public exploit or active exploitation (KEV) has been identified.
HTML injection on pretix's individual ticket confirmation page allows unsanitized email address content to execute arbitrary HTML - including scripts - in the browser of anyone who views that page. The injection point is the email address field submitted at order creation, which pretix stored and rendered without output encoding on the per-ticket confirmation view. Exploitation requires no authentication (PR:N in CVSS 4.0) but does require a victim to load the affected page (UI:P). No public exploit is identified and the vulnerability is not listed in CISA KEV; a vendor-released patch is available in version 2026.5.2.
Improper bounds validation in Silicon Labs EmberZNet SDK versions 9.0.2 and earlier exposes Zigbee-connected devices to crashes and dynamic memory leakage via network-reachable input. Authenticated network attackers can trigger the flaw with low complexity, resulting in denial-of-service conditions or unintended disclosure of heap contents. No public exploit has been identified at time of analysis, and a vendor patch is available via the SISDK GitHub release repository.
DNS response manipulation in PowerDNS Recursor 5.4.x allows network-positioned attackers to inject false DNS records through insufficient validation of answers received from authoritative servers, resulting in low-integrity violations in name resolution for downstream clients. The 5.4.x branch received hardening patches per PowerDNS advisory 2026-08 to close this validation gap. No public exploit has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog.
Denial of service in PowerDNS dnsdist's DNS over HTTP/3 (DoH3) handler allows unauthenticated remote attackers to exhaust server memory by opening high volumes of concurrent QUIC streams carrying crafted queries. Each crafted query triggers an exception that defers buffer deallocation until QUIC connection teardown rather than releasing memory promptly, enabling cumulative memory exhaustion across simultaneous streams. No public exploit code or active exploitation has been identified at time of analysis, and the attack surface is limited to instances with DoH3 explicitly enabled.
TCP connection resource leak in PowerDNS dnsdist allows remote unauthenticated attackers to exhaust backend TCP connection capacity by sending IXFR (Incremental Zone Transfer) queries. Affected dnsdist instances fail to promptly release outgoing TCP connections to backends after IXFR processing, leaving them open until OS-level timeout; under sustained query volume this can exhaust the backend's concurrent connection limit or the dnsdist process's file descriptor table. No public exploit has been identified at time of analysis, and no CISA KEV listing exists, but the AV:N/AC:L/PR:N attack surface makes the trigger trivially automatable from the internet.
ZONEMD validation bypass in PowerDNS Recursor allows a cryptographically invalid DNS zone to be accepted as legitimate when ZoneToCache is configured with ZONEMD validation enabled. This undermines the integrity guarantee that ZONEMD is designed to provide - an attacker capable of serving a crafted zone to the resolver (e.g., via a rogue authoritative source or network interception) can cause the recursor to cache and serve tampered DNS data. No public exploit code has been identified and exploitation is not confirmed in CISA KEV; real-world risk is constrained by the non-default configuration prerequisite.
Improper packet cache handling in PowerDNS Recursor causes ECS zero-scoped DNS answers to be stored in the cache when they should be discarded or handled as global entries, creating an information disclosure pathway. All Recursor versions (cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*) are affected, but only deployments with EDNS Client Subnet (ECS) explicitly enabled are exposed. The CVSS score of 5.3 with a network vector and no required privileges reflects that any DNS client can trigger the improper caching behavior, though real-world impact is bounded by the non-default ECS configuration requirement. No public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog.
Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Red Hat Build of Keycloak allows realm administrators holding the 'manage-realm' role to probe arbitrary filesystem paths by submitting unsanitized path values as keystore parameters during key provider component creation. The Keycloak process's file access attempt reveals whether a given path exists and is readable, functioning as a filesystem oracle for authenticated attackers. No public exploit code or active exploitation has been identified at time of analysis; the CVSS score of 4.9 (PR:H) reflects the significant constraint of requiring realm administrator credentials prior to exploitation.
Cleartext password storage in Netflix Lemur's user-update service path allows any attacker who gains read access to the Lemur database, its backups, query logs, or read replicas to obtain directly usable plaintext credentials - no offline cracking required. The flaw affects all Lemur deployments running pip/lemur <= 1.9.1 and is triggered exclusively when an administrator resets a user password through the admin-gated PUT /api/1/users/<id> API endpoint. No public exploit is required: the advisory itself contains precise reproduction steps, and the side effect (immediate login failure for affected users) makes the exposure operationally detectable. No KEV listing exists at time of analysis.
JWT algorithm confusion in Netflix Lemur 1.9.0 allows an attacker to control which signing algorithm the server trusts by supplying an arbitrary alg value in the unverified token header, which is passed directly to pyjwt.decode() instead of a server-pinned allowlist. On current PyJWT 2.x deployments the standalone impact is limited to audit-log blinding and a durable algorithm-downgrade primitive; full account takeover requires chaining with a separate LEMUR_TOKEN_SECRET disclosure vulnerability, after which a forged HS256 admin JWT yields HTTP 200 with role=admin. A public proof-of-concept walkthrough exists (asciinema); no active exploitation is confirmed in CISA KEV.
dnsdist's SetMacAddrAction handler exposes operators to uninitialized memory leakage in DNS responses and potential service crashes when the action is configured in the ruleset. The flaw is reachable over the network without authentication (AV:N/PR:N), but the high attack complexity (AC:H) constrains real-world impact to deployments that have explicitly enabled SetMacAddrAction - a non-default configuration. No public exploit code exists and no CISA KEV listing is present at time of analysis; the PowerDNS security team (Open-Xchange) reported this internally, suggesting responsible disclosure rather than observed active exploitation.
Authorization bypass in Red Hat Build of Keycloak's UMA engine lets an authenticated user who holds a valid permission ticket for a single resource escalate access to all resources of the same type on the resource server by crafting a specific permission request prefix. The bypass is silently permitted when the resource server operates in PERMISSIVE enforcement mode with ownerManagedAccess enabled and no explicit type-level policy in place. No public exploit code exists and this CVE is not listed in CISA KEV at time of analysis, but the low attack complexity and network vector make this a credible internal-privilege escalation path in affected Keycloak deployments.
Insecure temporary file handling in Claude Code's `/copy` command exposes privileged users on multi-user systems to two distinct local attacks: passive response disclosure and symlink-based arbitrary file write. The command unconditionally writes AI response content to `/tmp/claude/response.md` - a static, world-readable path in a world-traversable directory - enabling any local user to read output that may contain secrets, credentials, or sensitive data. A more capable local attacker can pre-plant a symlink at the predictable path, causing a privileged process's `/copy` invocation to overwrite an attacker-chosen file. Affected versions span `@anthropic-ai/claude-code` 2.1.59 through 2.1.127; no public exploit has been identified at time of analysis, and no CISA KEV listing exists.
Sensitive data exposure in GitLab CE/EE affects all instances running versions from 9.3 through 18.11.5, 19.0 through 19.0.2, and 19.1.0, where under certain conditions a CI/CD API endpoint fails to adequately filter sensitive information before writing it to application logs. A high-privileged local actor who can access application log files on the GitLab server may recover sensitive data that should never have been persisted. No public exploit code exists and this vulnerability is not listed in CISA KEV, indicating no confirmed active exploitation at time of analysis.
Path traversal in Rapid7 InsightConnect's Compression Plugin on Linux allows authenticated attackers with high privileges to write files to arbitrary paths on the underlying host via crafted archive filenames passed to the create_archive function. Impact is constrained to file corruption - the attacker can control write destination but not write content, preventing code execution via this vector alone. No public exploit code exists and no KEV listing is present; the low CVSS score of 3.3 reflects the high authentication bar and limited impact scope.
Content injection in GitLab CE/EE via improper Snippet input validation permits authenticated low-privilege users to conceal arbitrary content within Snippets, affecting all versions from 14.8 through 19.1.0. Despite being tagged as Code Injection (CWE-94) with RCE in vendor-supplied tags, the published CVSS score of 4.3 with only low integrity impact (I:L) indicates the vendor-confirmed impact is scoped to content concealment rather than full remote code execution. Patches are available in versions 18.11.6, 19.0.3, and 19.1.1; no public exploit and no CISA KEV listing have been identified at time of analysis.
Incorrect authorization in GitLab CE/EE allows authenticated users holding developer-role permissions to bypass Maven package protection rules and overwrite protected package metadata. All GitLab versions from 17.11 through 18.11.5, 19.0.0 through 19.0.2, and 19.1.0 are affected, with patched releases available across all three trains. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV; real-world impact is scoped to organizations that have explicitly configured Maven package protection rules and host untrusted developer-role users.
Incorrect authorization in GitLab CE/EE's group packages feature exposes package metadata from projects where the Package Registry has been explicitly disabled, allowing any authenticated Reporter-level group member to enumerate package names, versions, and publish timestamps that project owners intended to restrict. The flaw spans a very wide version range - all 13.6+ releases up to the newly-issued fixes in 18.11.6, 19.0.3, and 19.1.1 - meaning a large proportion of self-hosted GitLab deployments are affected. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.
PowerDNS Authoritative Server's optional internal web server accepts crafted HTTP requests that trigger unbounded memory allocation, exhausting process memory and causing a denial of service against the DNS service. Exploitation requires low-privilege authentication (PR:L per CVSS vector) and the internal web server must be explicitly enabled - it is disabled by default, sharply limiting the real-world attack surface. No public exploit code has been identified and this vulnerability is not listed in CISA KEV.
Missing authorization in the Mattermost Google Drive plugin's file creation endpoint (all versions before 1.1.0) allows authenticated Mattermost users with a linked Google account to share Drive files into private channels they are not a member of, and to infer the existence and membership of those private channels. The root cause is CWE-862 (Missing Authorization): the endpoint processes the target channel ID supplied by the caller without verifying the caller belongs to that channel. No public exploit has been identified at time of analysis, and the vulnerability has not been added to the CISA KEV catalog.
Stack out-of-bounds write in Vim's spell_soundfold_sofo() function (src/spell.c) allows local exploitation when a SOFO-based spell language is active and the soundfold path is triggered with a word exceeding MAXWLEN (254) bytes, corrupting the call frame and crashing the editor with theoretical code execution potential. All Vim releases prior to 9.2.0698 carrying the single-byte SOFO branch are affected; the vendor has released a confirmed fix at v9.2.0698. No public exploit code exists and no CISA KEV listing is present; the CVSS 4.0 E:U supplemental metric confirms exploitation remains unproven at time of analysis.
Protected environment configuration bypass in GitLab Enterprise Edition exposes CI/CD deployment gates to authenticated users holding custom role permissions, even when CI/CD visibility is explicitly disabled for the project. Affecting all EE versions from 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1, this CWE-863 (Incorrect Authorization) flaw allows such users to view, create, or delete protected environment rules that should be inaccessible. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.
EDNS OPT filter bypass in DNSdist exposes backend DNS servers to EDNS extension options that DNSdist was configured to suppress. The flaw is triggered specifically by the EDNS Client Subnet (ECS) insertion code path, which silently normalizes a crafted malformed OPT record - one that evaded DNSdist's filter - into a syntactically valid OPT record forwarded to the upstream backend. No public exploit code exists and no active exploitation has been confirmed; CVSS rates this Low (3.7) reflecting both the high attack complexity and the limited integrity-only impact.
Query processing delays in dnsdist's DoH3 (DNS over HTTPS/3) implementation allow unauthenticated remote attackers to partially degrade DNS resolution availability by sending crafted GET requests containing invalid HTTP/3 DATA frames. Affected deployments are limited to those with DoH3 explicitly enabled; the CVSS score of 3.7 reflects high attack complexity and only a low availability impact. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
Prometheus metrics endpoint corruption in PowerDNS dnsdist allows a remote unauthenticated attacker to disrupt monitoring visibility by flooding the resolver with crafted DNS queries. The flood triggers insertion of a dynamic block whose value serialises into invalid Prometheus exposition format, causing the /metrics endpoint to be rejected by the scraper until the dynamic block TTL expires naturally. No public exploit code is identified at time of analysis, and exploitation requires high attack complexity - a sustained, high-volume crafted query campaign - keeping real-world risk low despite network accessibility.
Stored cross-site scripting in K2 extension for Joomla (versions 1.0-2.26) allows an authenticated Author-tier user to inject arbitrary JavaScript into the embedVideo POST field, which K2 stores verbatim and renders unescaped to every subsequent visitor of that article page. Any Joomla user granted K2 'create item' rights - the Author tier by default - can weaponize this to steal session cookies, redirect victims, or perform actions on behalf of any visitor including administrators. No public exploit code has been identified at time of analysis, and CISA SSVC classifies exploitation as none with partial technical impact.
Insufficient authorization checks in GitLab Enterprise Edition expose project information to authenticated users with limited permissions under specific, undisclosed conditions. Affecting all EE releases from 18.6 up to (but not including) 18.11.6, 19.0.3, and 19.1.1, this CWE-862 flaw allows a low-privileged authenticated attacker to read project data they should not have access to. No public exploit code exists and no active exploitation has been confirmed; the high attack complexity (AC:H) and requirement for an authenticated session substantially limit real-world risk.
Server-side request forgery (SSRF) in GitLab CE/EE allows an authenticated user with maintainer-role permissions to probe and interact with internal network resources by configuring malicious mirror synchronization URLs that bypass GitLab's URL validation controls. The flaw spans an exceptionally wide version range - from 8.3 all the way through the 19.x train - making the population of unpatched instances large. CWE-350 (Reliance on Reverse DNS Resolution) indicates the bypass likely exploits DNS-based validation circumvention rather than a simple allowlist gap. No public exploit or active KEV listing is confirmed at time of analysis, but the maintainer privilege bar is low enough in shared multi-tenant GitLab deployments to materially broaden the attacker population.
SQL injection in Tenable Nessus exposes scan-result databases to exfiltration by any remote unauthenticated attacker who controls the reverse DNS (PTR) records for a host being scanned. When Nessus resolves the hostname of a scanned target via PTR lookup, the returned value is incorporated into a SQL query without adequate sanitization, enabling read-level access to the scan results database. A proof-of-concept is indicated by the CVSS temporal metric (E:P), and Tenable has acknowledged the issue via advisory TNS-2026-17; no public active exploitation (CISA KEV) is confirmed at time of analysis.
Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2 challenge-response, via a crafted DomainName parameter.
NONET network restriction bypass in Nokogiri's JRuby implementation permits external resource fetching during XML Schema parsing despite the default network-blocking parse option being set, exposing applications to potential SSRF and XXE attacks. Only JRuby-based deployments are affected - CRuby users are fully protected because libxml2's xmlNoNetExternalEntityLoader enforces NONET at the I/O layer independently of Nokogiri's option handling. Rated low severity by maintainers (CVSS 2.6); vendor-released patch is available in version 1.19.4, and no public exploit has been identified at time of analysis.
Replication Fullsync in Apache Kvrocks fails to validate filenames transmitted from a master node to a replica during full synchronization, enabling path traversal to arbitrary filesystem locations. Deployments using Kvrocks master-replica replication are affected; standalone instances with no replication configured are not exposed. An attacker who controls or can impersonate a master node can cause a replica to read or write files outside its intended data directory - no public exploit has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis.
Use-after-free in wolfSSL's TLS 1.3 PQC hybrid KeyShare processing exposes clients built with post-quantum hybrid support to a crash or memory corruption when connecting to a malicious server. This is a bypass of the incomplete fix for CVE-2026-5460 shipped in 5.9.1 - the pointer alias between keyShareEntry->key and ecc_kse->key in TLSX_KeyShare_ProcessPqcHybridClient is not re-synchronized after the inner ECC processing function frees its copy, leaving a dangling pointer that TLSX_KeyShare_FreeAll later passes to wc_ecc_free and XFREE. No public exploit or CISA KEV listing exists; the CVSS 4.0 score of 2.3 reflects limited real-world impact due to high attack complexity and non-default build requirements.
wolfSSL's x86_64 Curve25519 scalar multiplication yields a non-canonical shared secret when carry propagation overflows into bit 255 during final modular reduction, producing a result in [p, 2^255) rather than the required canonical range [0, p). Both the x64 and AVX2 hand-written assembly paths in fe_x25519_asm.S are affected, and only specific edge-case scalar/point combinations trigger the flaw. wolfSSL self-reported this correctness defect and published a fix via GitHub PR #10536; no public exploit exists and the vulnerability is absent from CISA KEV.
wolfSSL's certificate chain verification accepted MD5-signed certificates when MD5 was compiled in for any purpose (e.g., TLS 1.0 PRF or HMAC), violating RFC 8446 compliance and the fundamental prohibition on broken hash algorithms in certificate signatures. An attacker with low-level positioning who can influence the certificate chain presented to a wolfSSL-based application could potentially bypass chain integrity checks by presenting an MD5-signed leaf certificate. No public exploit has been identified and no CISA KEV listing exists; the CVSS 4.0 score of 2.3 reflects the high complexity and constrained impact of realistic exploitation.
Incorrect authorization logic during room creation in Venueless permits authenticated low-privilege users to create room types they are not permitted to create. The CVSS 4.0 score of 2.3 reflects the narrow, integrity-only impact and significant attack preconditions - requiring authentication, high complexity, and specific prerequisites. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Use-after-free in Nokogiri's CRuby XInclude processing (versions prior to 1.19.4) can leave Ruby wrapper objects pointing at freed libxml2 memory after `#do_xinclude` is called on a document whose nodes have already been exposed to Ruby. An application that triggers this condition may experience invalid memory reads or writes, potentially resulting in a crash or memory disclosure. No public exploit has been identified at time of analysis, and the CVSS 4.0 score of 2.2 reflects the high attack complexity driven by an unusual, non-default API usage pattern required to reach the vulnerable code path.
wolfSSL's TLS 1.2 handshake logic silently downgrades Encrypt-then-MAC (ETM) to MAC-then-Encrypt when a client presents a stale session ID during a failed resumption attempt, affecting all builds compiled with HAVE_ENCRYPT_THEN_MAC using CBC-mode cipher suites. This ETM extension silent-disable (CWE-757) exposes the downgraded connection to CBC-mode side-channel attacks such as Lucky Thirteen, exploitable by an adjacent-network attacker. No public exploit identified at time of analysis and no confirmed active exploitation; vendor patch is available upstream via PR #10167.
HMAC tag forgery in wolfSSL's OpenSSL-compatibility layer allows a zero-length or arbitrarily truncated HMAC tag to pass verification in EVP_DigestVerifyFinal, undermining message authentication for any application relying on this API path. Applications compiled with the OPENSSL_EXTRA flag that use EVP_DigestVerifyFinal for HMAC verification - including JWT validation libraries and message authentication flows - are affected across all currently-known wolfSSL versions. The root length check only enforced that the supplied tag did not exceed the MAC size, not that it equaled it, so an attacker controlling the tag buffer or length argument could present an empty signature and bypass integrity verification. No public exploit has been identified at time of analysis, and CISA KEV does not list this CVE.
HTML injection on the pretix untrusted-redirect warning page enables phishing attacks against end users. Affecting the open-source event ticketing platform (all versions prior to 2026.5.2), authenticated low-privileged users can embed malicious HTML content into the redirect interstitial page that pretix displays before forwarding visitors to external URLs. The presence of a Content-Security-Policy on that page blocks script execution, so the primary attack surface is social engineering and credential phishing rather than full cross-site scripting. No public exploit code and no CISA KEV listing have been identified at time of analysis.
HTML injection into server-side PDF rendering contexts in Pretix enables low-privileged authenticated users to embed external image references that trigger outbound HTTP requests from the rendering engine, leaking the server's network identity and creating an SSRF vector against internal network services. The CVSS 4.0 score of 2.1 reflects genuinely low severity - exploitation requires authentication, specific content reaching PDF rendering paths, and passive user interaction to trigger PDF generation. No public exploit code exists and this vulnerability is absent from CISA KEV.
HTML injection in the pretix-pages plugin for Pretix event ticketing software permits a high-privileged authenticated user to embed malicious HTML tags into plugin-rendered page content, which subsequently executes in the browsers of site visitors who view those pages. All tracked versions under cpe:2.3:a:pretix:pretix-pages are affected, with a vendor-released fix published 2026-06-25 in Pretix release 2026.5.2. No public exploit code or active exploitation has been identified at time of analysis.
Out-of-bounds write in wolfSSL's SetSuitesHashSigAlgo function corrupts memory when an application passes an oversized signature algorithms list to the wolfSSL_CTX_set1_sigalgs_list or wolfSSL_set1_sigalgs_list APIs, writing past the end of the internal suites buffer (CWE-787). All wolfSSL versions prior to the bounds-check fix in PR #10204 are affected; the CVSS 4.0 score of 2.0 reflects a local-only vector, high complexity, and constrained impact limited to low integrity and availability degradation within the consuming process. No public exploit has been identified and this vulnerability is not listed in CISA KEV, indicating no confirmed active exploitation at time of analysis.
Keystream reuse in wolfSSL's streaming AES-GCM API exposes ciphertext to partial plaintext recovery when a single session accumulates more than 64 GiB of data, violating NIST SP 800-38D counter limits due to unguarded internal counter wrap. All wolfSSL versions are affected per wildcard CPE (cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*), with the flaw present in both AES-GCM and AES-CCM streaming paths. Exploitation is constrained to local access with low privileges, high attack complexity, and the operationally unusual prerequisite of processing tens of gigabytes in a single uninterrupted streaming session; no public exploit identified at time of analysis.
HTML injection in the pretix-digital Pretix ticketing plugin (CWE-80) allows high-privileged operators to embed malicious script-bearing HTML into event content that subsequently executes in the browsers of end users viewing rendered ticket or event pages. All versions of the plugin are indicated as affected per the CPE wildcard, with a vendor fix shipped in the 2026.5.2 release. No public exploit has been identified at time of analysis, the vulnerability is absent from the CISA KEV catalog, and the low CVSS 4.0 score of 2.0 reflects the high privilege and specific preconditions required for exploitation.
SQL injection in Tenable Nessus's scan result import functionality allows an attacker to craft a malicious scan file that, when imported by a privileged operator, injects SQL into the scan results database and exfiltrates stored scan data. The attack is entirely dependent on social engineering: the threat actor has no direct access to the Nessus instance and must convince a privileged user to import the weaponized file. A proof-of-concept exists per CVSS temporal indicator E:P, and Tenable has issued an official fix under advisory TNS-2026-17. No active exploitation is confirmed in CISA KEV.
Use-after-free in Nokogiri's CRuby implementation (versions prior to 1.19.4) allows an application crash via segfault when an `XML::XPathContext` object outlives its source document and that document is freed by Ruby's garbage collector. Only CRuby is affected; JRuby is not. This is not triggerable by malicious document input and cannot be reached through the standard `Document#xpath`, `#css`, or related methods - it requires an unusual direct API usage pattern in application code. No public exploit has been identified, this is not listed in CISA KEV, and the CVSS 4.0 score of 1.7 reflects the tightly constrained triggering conditions.
Heap use-after-free in Nokogiri's CRuby implementation (prior to 1.19.4) can corrupt process memory when application code assigns a DTD node as a document root via `Document#root=`. The root cause is insufficient type validation in the setter, which accepted any `Nokogiri::XML::Node` subclass rather than restricting to element nodes, leaving libxml2 in an inconsistent internal state that triggers a dangling pointer dereference during Ruby garbage collection or finalization. No active exploitation is confirmed (not in CISA KEV), no public exploit is identified, and the Nokogiri maintainers rate this low severity; the CVSS 4.0 score of 1.7 with E:U corroborates that assessment.