A vulnerability, which was classified as critical , has been found in libyang up to 5.4.2 . This affects the function lyd_parser_set_data_flags of the component YANG XML Document Handler . This manipulation causes use after free. This vulnerability appears as CVE-2026-41401 . The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.