What is the CVSS score of CVE-2026-32776?

CVE-2026-32776 has a CVSS 3.1 base score of 4.0 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L. EPSS exploitation probability: 0.0%.

Which versions of Libexpat are affected by CVE-2026-32776?

Organizations using libexpat before 2.7.5 should be aware of moderate risk from CVE-2026-32776, a null pointer dereference vulnerability rated CVSS 4.0.. A patch is available.

Libexpat CVE-2026-32776

EUVD-2026-12347 MEDIUM

NULL Pointer Dereference (CWE-476)

2026-03-16 mitre

Denial Of Service Null Pointer Dereference Red Hat Libexpat Suse

4.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

2.7.5

EUVD ID Assigned

Mar 16, 2026 - 09:00 euvd

EUVD-2026-12347

Analysis Generated

Mar 16, 2026 - 09:00 vuln.today

CVE Published

Mar 16, 2026 - 06:54 nvd

MEDIUM 4.0

DescriptionNVD

libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.

AnalysisAI

libexpat before version 2.7.5 contains a NULL pointer dereference vulnerability triggered by malformed XML containing empty external parameter entity content, resulting in denial of service through application crashes. The vulnerability affects all versions of libexpat prior to 2.7.5 across multiple platforms and applications that embed this XML parsing library. …

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory