CVE-2026-5037
mxml mxmlIndexNew mxml-index.c index_sort stack-based overflow
A vulnerability was found in mxml up to 4.0.4. It affects the function index_sort in the file mxml-index.c of the component mxmlIndexNew. Manipulating the argument tempr can lead to a stack-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be used. The patch is identified as commit 6e27354466092a1ac65601e01ce6708710bb9fa5. Apply the patch to remediate this issue.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
Affected products
n/a · mxml
Public PoCs found — 1
cve_reference: github.com/user-attachments/files/25934383/1.xml (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://github.com/michaelrsweet/mxml/commit/6e27354466092a1ac65601e01ce6708710bb9fa5
https://github.com/michaelrsweet/mxml/issues/350
https://github.com/michaelrsweet/mxml/issues/350#issuecomment-4051317229
https://github.com/user-attachments/files/25934383/1.xml
https://vuldb.com/submit/778638
https://vuldb.com/vuln/353963
https://vuldb.com/vuln/353963/cti