Platform
Products
Echo Containers
Echo ContainersVulnerability-free base images
Echo Libraries
Echo LibrariesFor a secure application layer
Echo VMs
Echo VMsClean virtual machines
Echo Serverless
Echo ServerlessZero re-architecting required
Echo OS Packages
Echo OS PackagesSecure-by-design for custom builds
Ecosystem
Helm charts
Helm chartsSecure, frictionless deployment
Integrations
IntegrationsBuilt for the tools you already use
EOL support
EOL supportFor images you can no longer upgrade
Solutions
Solutions
Vulnerability elimination
Vulnerability eliminationWatch your CVEs drop to zero
FedRAMP & public sector
FedRAMP & public sectorFast-track compliance
CVE-free on your customer scans
CVE-free on your customer scansShip clean images to your customers
Software supply chain security
Software supply chain securityEnd-to-end secure software
Golden images
Golden imagesSecure standardization
CustomersPricing
Resources
Resources
Blog
BlogKey insights & hot takes
Glossary
GlossaryAn edu hub for cloud security
Events & webinars
Events & webinarsWhat’s next with Echo
CVE mapping
CVE mappingStay ahead of the latest CVEs
Company
Company
About Echo
About EchoOur story
Careers
CareersJoin the team
Trust Center
Trust CenterProtect your data
Contact us
Contact usLet’s connect
Let’s connect
Join the echosystem
Join the echosystemLet’s integrate
Echo alliances
Echo alliancesLet’s partner
Log in
Get a demo
Get demo
Vulnerability Database>CVE-2026-24515

CVE-2026-24515

Publish date: January 24, 2026
Severity
Critical
CVSS score
2.5
Package
expat
Affected versions
>= 2.7.0-any1, < 2.7.3-2

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.

‍

Learn about Echo's vulnerability management
Learn more

NVD Record:

  • https://nvd.nist.gov/vuln/detail/CVE-2026-24515

References:

  • https://github.com/libexpat/libexpat/pull/1131

Related CVEs:

  • CVE-2026-20884
  • CVE-2026-2781
  • CVE-2022-44940
Platform
Echo containers
Echo libraries
Echo VMs
Echo Serverless
Echo OS Packages
Helm charts
Integrations
EOL support
Solutions
Vulnerability reduction
FedRAMP & public sector
Clean for your customers
Supply chain security
Golden images
Company
About us
Careers
Join the echosystem
Partner alliances
Customers
Contact us
LinkedIn
Resources
Pricing
Blog
CVE mapping
Pulling tips
Events
Glossary
Social
Linkedin
Legal
SLA
Echo Images and Libraries SLA
Privacy Policy
Terms of Use
Cookies Notice