Version: v1.1.x

CVE-2026-56131

CVE Details

Visit the official vulnerability details page for CVE-2026-56131 to learn more.

Initial Publication

06/19/2026

Last Update

06/23/2026

Third Party Dependency

libexpat

NIST CVE Summary

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219 situation).

CVE Severity

4.9

Our Official Summary

Investigation is ongoing to determine how this vulnerability affects our products.

Status

Analyzed

Affected Products & Versions

Version	PaletteAI	PaletteAI VerteX
1.1.6	⚠️ Impacted	⚠️ Impacted
1.0.7	⚠️ Impacted	⚠️ Impacted

Revision History

No revisions available.

CVE Details​

Initial Publication​

Last Update​

Third Party Dependency​

NIST CVE Summary​

CVE Severity​

Our Official Summary​

Status​

Affected Products & Versions​

Revision History​