Use After Free in Sparklemotion Nokogiri
CVE-2026-57436
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Document#root= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document roo…
Vulnerability class: Use-After-Free
Affected products
- Sparklemotion Nokogiri — versions < 1.19.4
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)