A vulnerability was found in libexpat up to 2.8.1 . It has been rated as critical . Impacted is the function XML_GetBuffer/XML_Parse/XML_ParseBuffer/XML_ParserFree/XML_ParserReset . This manipulation causes use after free. This vulnerability appears as CVE-2026-50219 . The attack requires local access. There is no available exploit. Upgrading the affected component is advised.