What is the CVSS score of CVE-2026-29079?

CVE-2026-29079 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Lexbor are affected by CVE-2026-29079?

Lexbor HTML parsing library versions prior to 2.7.0 contain a denial-of-service vulnerability that allows unauthenticated remote attackers to crash applications by sending malformed HTML input,…. A patch is available.

Lexbor CVE-2026-29079

EUVD-2026-12054 HIGH

Access of Resource Using Incompatible Type (Type Confusion) (CWE-843)

2026-03-13 GitHub_M

Information Disclosure Memory Corruption Lexbor

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:22 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

2.7.0

EUVD ID Assigned

Mar 13, 2026 - 18:00 euvd

EUVD-2026-12054

Analysis Generated

Mar 13, 2026 - 18:00 vuln.today

CVE Published

Mar 13, 2026 - 17:19 nvd

HIGH 7.5

DescriptionNVD

Lexbor is a web browser engine library. Prior to 2.7.0, a type‑confusion vulnerability exists in Lexbor’s HTML fragment parser. When ns = UNDEF, a comment is created using the “unknown element” constructor. The comment’s data are written into the element’s fields via an unsafe cast, corrupting the qualified_name field. That corrupted value is later used as a pointer and dereferenced near the zero page. This vulnerability is fixed in 2.7.0.

AnalysisAI

Denial of service in Lexbor prior to version 2.7.0 results from a type-confusion vulnerability in the HTML fragment parser that corrupts memory and causes a null pointer dereference. An unauthenticated remote attacker can exploit this by sending malformed HTML to crash applications using the vulnerable Lexbor library. …

RemediationAI

Within 24 hours: Identify all applications and services using Lexbor and document current versions in use. Within 7 days: Upgrade Lexbor to version 2.7.0 or later across all development, staging, and production environments; test thoroughly before production deployment. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-29079 vulnerability details – vuln.today

Back

Lexbor CVE-2026-29079

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code