CVE-2026-5037 in mxml
Summary
A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called 6e27354466092a1ac65601e01ce6708710bb9fa5. A patch should be applied to remediate this issue.
Disclosure
03/29/2026
Entries
| Published | Base | Temp | Vulnerability | CWE | Prod | Exp | Cou | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 03/27/2026 | 3.3 | 3.0 | mxml mxmlIndexNew mxml-index.c index_sort stack-based overflow | 121 | Unknown | Proof-of-Concept | Official fix | 0.00013 | 1.62 | CVE-2026-5037 |