A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0570-1 advisory.

    - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in     `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811)
    - CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential     behavior. (bsc#1256809, bsc#1256812)
    - CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595)
    - CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553)
    - CVE-2025-8732: Fixed an infinite recursion in catalog parsing functions when processing malformed SGML     catalog files. (bsc#1247858)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0568-1 advisory.

    - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in     `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811)
    - CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential     behavior. (bsc#1256809, bsc#1256812)
    - CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595)
    - CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where     memory allocated for user input is not properly released under certain conditions. When a user submits     input consisting only of whitespace, the program skips command execution but fails to free the allocated     buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system     memory and terminate the xmllint process, creating a denial-of-service condition on the local system.
    (CVE-2026-1757)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
299578	openSUSE 15 Security Update : libxml2 (SUSE-SU-2026:0570-1)	Nessus	SuSE Local Security Checks	medium
299355	openSUSE 15 Security Update : libxml2 (SUSE-SU-2026:0568-1)	Nessus	SuSE Local Security Checks	medium
297549	Linux Distros Unpatched Vulnerability : CVE-2026-1757	Nessus	Misc.	medium

Detections

Analytics

CVE-2026-1757

medium

Tenable Plugins

medium

medium

medium