Null Pointer Dereference in Nokogiri XML and HTML Library
CVE-2026-57434

1.7 LOW

Key Information:

CVE Published: 25 June 2026

What is CVE-2026-57434?

Nokogiri, an open-source XML and HTML library for Ruby, is susceptible to a null pointer dereference bug that occurs when certain methods are called on uninitialized native wrapper classes derived from Nokogiri::XML::Node. This flaw may lead to application instability and crashes. The issue was resolved in version 1.19.4, so users are urged to upgrade to this version or later to mitigate potential risks.

Affected Version(s)

nokogiri < 1.19.4
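
To check whether a project resolves to an affected release, the following added example (not from this advisory or from the Nokogiri project) scans a Gemfile.lock for every pinned nokogiri spec and compares it with the fixed version 1.19.4. The function names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # Gem::Version (usually preloaded; explicit here)

# First fixed release, taken from the advisory text above.
FIXED_VERSION = Gem::Version.new("1.19.4")

# Constructed sample Gemfile.lock (not from a real project). Nokogiri ships
# precompiled platform gems, so one lockfile can pin several nokogiri entries.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      loofah (2.22.0)
        nokogiri (>= 1.12.0)
      nokogiri (1.18.3)
        racc (~> 1.4)
      nokogiri (1.18.3-x86_64-linux-gnu)
        racc (~> 1.4)
      racc (1.8.1)

  PLATFORMS
    ruby
    x86_64-linux-gnu

  DEPENDENCIES
    nokogiri
LOCK

# Returns one hash per resolved nokogiri spec. Resolved specs are indented
# four spaces; the six-space lines below them are dependency constraints
# such as "nokogiri (>= 1.12.0)" and are deliberately not matched.
def nokogiri_pins(lockfile_text)
  lockfile_text.each_line.filter_map do |line|
    next unless (m = line.match(/\A {4}nokogiri \(([^)\s]+)\)\s*\z/))
    number, platform = m[1].split("-", 2) # "1.18.3-java" -> version, platform
    next unless Gem::Version.correct?(number)
    version = Gem::Version.new(number)
    { version: version.to_s, platform: platform || "ruby",
      vulnerable: version < FIXED_VERSION }
  end
end

def lockfile_affected?(lockfile_text)
  nokogiri_pins(lockfile_text).any? { |pin| pin[:vulnerable] }
end

nokogiri_pins(SAMPLE_LOCKFILE).each do |pin|
  puts "nokogiri #{pin[:version]} [#{pin[:platform]}] affected=#{pin[:vulnerable]}"
end
```

Pass the contents of a real lockfile with `nokogiri_pins(File.read("Gemfile.lock"))`; any entry reported as affected should be updated to 1.19.4 or later.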

CVSS V4

Score: 1.7
Severity: LOW
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
