Medium6.2Red Hat Linux Updated
Memory corruption due to XInclude substitution
CVE-2026-57438 Published Jun 25, 2026Updated by vendor Jun 25, 2026
Affected products & platforms
Red Hat LinuxUnclassified
Summary
Memory corruption due to XInclude substitution. Red Hat rates this moderate (CVSS 6.2). Weakness: CWE-825.
Affected versions
- < 1.19.4
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade to Nokogiri 1.19.4 or later. As a workaround for earlier versions, perform XInclude substitution at parse time (with the xinclude parse option) rather than calling #do_xinclude on a document that has already been traversed. A freshly parsed document has no nodes exposed to Ruby, so the substitution is safe.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.