Memory Management Issue in Nokogiri Library for Ruby
CVE-2026-57435

1.7 LOW

Key Information:

CVE Published: 25 June 2026

What is CVE-2026-57435?

Nokogiri, a widely used open-source XML and HTML parsing library for Ruby, contains a memory management flaw. Before version 1.19.4, replacing an XML attribute can free a native child node while a Ruby wrapper object still references it. If Ruby code then uses that wrapper, it dereferences a dangling pointer, which can cause an invalid read and crash the application. Version 1.19.4 and later fix this issue, improving the stability and security of applications that depend on Nokogiri.

Affected Version(s)

nokogiri < 1.19.4
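A defensive check for the affected range above, added here as an example and not part of the advisory or of Nokogiri itself: it scans a constructed Gemfile.lock for nokogiri pins below the fixed version 1.19.4, stripping the platform suffix so that a fixed native build is not misread as a prerelease.

```ruby
require "rubygems"  # Gem::Version

# Fixed version named in the advisory: nokogiri < 1.19.4 is affected.
NOKOGIRI_FIXED_VERSION = Gem::Version.new("1.19.4")

# True when a version string as written in a Gemfile.lock (possibly with a
# platform suffix such as "-x86_64-linux") falls inside the affected range.
def nokogiri_affected?(version_string)
  # Strip the platform suffix first: Gem::Version would otherwise read
  # "1.19.4-x86_64-linux" as a prerelease of 1.19.4 and call it affected.
  bare = version_string.split("-", 2).first
  Gem::Version.new(bare) < NOKOGIRI_FIXED_VERSION
end

# Return the nokogiri versions pinned in a Gemfile.lock that are affected.
# Spec lines under "specs:" are indented four spaces: "    nokogiri (1.19.3)".
def affected_nokogiri_pins(lockfile_text)
  lockfile_text.each_line.filter_map do |line|
    m = line.match(/\A {4}nokogiri \(([^)]+)\)\s*\z/)
    m[1] if m && nokogiri_affected?(m[1])
  end
end

# Constructed sample lockfile (not taken from any real project).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mini_portile2 (2.8.5)
      nokogiri (1.19.3)
        mini_portile2 (~> 2.8.2)
      nokogiri (1.19.3-x86_64-linux)
        racc (~> 1.4)
      racc (1.7.3)

  PLATFORMS
    ruby
    x86_64-linux

  DEPENDENCIES
    nokogiri
LOCK

if __FILE__ == $0
  puts "CVE-2026-57435 affected nokogiri pins: #{affected_nokogiri_pins(SAMPLE_LOCKFILE).inspect}"
end
```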

CVSS V4

Score: 1.7
Severity: LOW
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved