A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.

The version of libxml2 installed on the remote host is prior to 2.11.9 / 2.15.2. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-070-02 advisory.

    New libxml2 packages are available for Slackware 15.0 and -current to fix security issues.

Tenable has extracted the preceding description block directly from the libxml2 security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES16 / SLES_SAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20631-1 advisory.

    Changes in libxml2:

    - CVE-2026-0990: call stack overflow may lead to application crash due to infinite recursion in       `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811).
    - CVE-2026-0992: excessive resource consumption when processing XML catalogs due to exponential behavior     when handling       `nextCatalog` elements (bsc#1256809, bsc#1256812).
    - CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog     files       (bsc#1247858).
    - CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257594, bsc#1257595).
    - CVE-2025-10911: parsing xsl nodes may lead to use-after-free with key data stored cross-RVT     (bsc#1250553)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1446 advisory.

    A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where     memory allocated for user input is not properly released under certain conditions. When a user submits     input consisting only of whitespace, the program skips command execution but fails to free the allocated     buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system     memory and terminate the xmllint process, creating a denial-of-service condition on the local system.
    (CVE-2026-1757)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20312-1 advisory.

    Changes in libxml2:

    - CVE-2026-0990: call stack overflow may lead to application crash due to infinite recursion in       `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811).
    - CVE-2026-0992: excessive resource consumption when processing XML catalogs due to exponential behavior     when handling       `nextCatalog` elements (bsc#1256809, bsc#1256812).
    - CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog     files       (bsc#1247858).
    - CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257594, bsc#1257595).
    - CVE-2025-10911: parsing xsl nodes may lead to use-after-free with key data stored cross-RVT     (bsc#1250553)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3178 advisory.

    A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where     memory allocated for user input is not properly released under certain conditions. When a user submits     input consisting only of whitespace, the program skips command execution but fails to free the allocated     buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system     memory and terminate the xmllint process, creating a denial-of-service condition on the local system.
    (CVE-2026-1757)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0782-1 advisory.

    - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in     `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811)
    - CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential     behavior. (bsc#1256809, bsc#1256812)
    - CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595)
    - CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0605-1 advisory.

    - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in     `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811)
    - CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential     behavior. (bsc#1256809, bsc#1256812)
    - CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595)
    - CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553)
    - CVE-2025-8732: Fixed an infinite recursion in catalog parsing functions when processing malformed SGML     catalog files. (bsc#1247858)
    - CVE-2026-0989: Fixe a call stack exhaustion leading to application crash due to RelaxNG parser not     limiting the recursion depth. (bsc#1256805, bsc#1256810)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0570-1 advisory.

    - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in     `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811)
    - CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential     behavior. (bsc#1256809, bsc#1256812)
    - CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595)
    - CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553)
    - CVE-2025-8732: Fixed an infinite recursion in catalog parsing functions when processing malformed SGML     catalog files. (bsc#1247858)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0568-1 advisory.

    - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in     `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811)
    - CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential     behavior. (bsc#1256809, bsc#1256812)
    - CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595)
    - CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where     memory allocated for user input is not properly released under certain conditions. When a user submits     input consisting only of whitespace, the program skips command execution but fails to free the allocated     buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system     memory and terminate the xmllint process, creating a denial-of-service condition on the local system.
    (CVE-2026-1757)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
301909	Slackware Linux 15.0 / current libxml2 Multiple Vulnerabilities (SSA:2026-070-02)	Nessus	Slackware Local Security Checks	medium
301455	SUSE SLES16 Security Update : libxml2, libxslt (SUSE-SU-2026:20631-1)	Nessus	SuSE Local Security Checks	medium
301348	Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2026-1446)	Nessus	Amazon Linux Local Security Checks	medium
301309	openSUSE 16 Security Update : libxml2, libxslt (openSUSE-SU-2026:20312-1)	Nessus	SuSE Local Security Checks	medium
301261	Amazon Linux 2 : libxml2, --advisory ALAS2-2026-3178 (ALAS-2026-3178)	Nessus	Amazon Linux Local Security Checks	medium
300833	SUSE SLES12 Security Update : libxml2 (SUSE-SU-2026:0782-1)	Nessus	SuSE Local Security Checks	medium
300043	SUSE SLED15 / SLES15 Security Update : libxml2 (SUSE-SU-2026:0605-1)	Nessus	SuSE Local Security Checks	medium
299578	openSUSE 15 Security Update : libxml2 (SUSE-SU-2026:0570-1)	Nessus	SuSE Local Security Checks	medium
299355	openSUSE 15 Security Update : libxml2 (SUSE-SU-2026:0568-1)	Nessus	SuSE Local Security Checks	medium
297549	Linux Distros Unpatched Vulnerability : CVE-2026-1757	Nessus	Misc.	medium

Detections

Analytics

CVE-2026-1757

medium

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium