Vulnerability Description
A vulnerability was found in mxml up to 4.0.4. It affects the function index_sort in the file mxml-index.c, part of the component mxmlIndexNew. Manipulating the argument tempr can lead to a stack-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be used. The patch is identified as commit 6e27354466092a1ac65601e01ce6708710bb9fa5. Applying this patch remediates the issue.
CVSS Score
LOW
Related Weaknesses (CWE)
References
- https://github.com/michaelrsweet/mxml/commit/6e27354466092a1ac65601e01ce6708710b
- https://github.com/michaelrsweet/mxml/issues/350
- https://github.com/michaelrsweet/mxml/issues/350#issuecomment-4051317229
- https://github.com/user-attachments/files/25934383/1.xml
- https://vuldb.com/submit/778638
- https://vuldb.com/vuln/353963
- https://vuldb.com/vuln/353963/cti
FAQ
What is CVE-2026-5037?
CVE-2026-5037 is a vulnerability in mxml up to 4.0.4 with a CVSS score of 3.3 (LOW). It affects the function index_sort of the file mxml-index.c in the component mxmlIndexNew.
How severe is CVE-2026-5037?
CVE-2026-5037 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2026-5037?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.