Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-57235— Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`

AI Predicted 5.3 Difficulty: Easy EPSS 0.33% · P25

Possible ATT&CK Techniques 1AI

T1203 · Exploitation for Client Execution

Affected Version Matrix 1

VendorProductVersion RangeStatus
sparklemotionnokogiri< 1.19.4affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-57235

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`
Source: NVD (National Vulnerability Database)
Vulnerability Description
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then be used at full width, reading outside the node set's storage. On CRuby this is an out-of-bounds read that typically crashes the process; on JRuby it is not memory-unsafe but returns an incorrect node. This vulnerability is fixed in 1.19.4.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存读
Source: NVD (National Vulnerability Database)
Vulnerability Title
Sparkle Motion Nokogiri 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Sparkle Motion Nokogiri是Sparkle Motion个人开发者的一个HTML、XML和SAX解析库。 Sparkle Motion Nokogiri 1.19.4之前版本存在安全漏洞,该漏洞源于对索引检查时使用了32位截断副本,可能导致越界读取。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
sparklemotionnokogiri < 1.19.4 -

II. Public POCs for CVE-2026-57235

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-57235

登录查看更多情报信息。

Vendor Advisories for CVE-2026-57235 (1)

Same Patch Batch · sparklemotion · 2026-06-25 · 8 CVEs total

CVE-2026-572342.6 LOWNokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-20
CVE-2026-57438Nokogiri: Possible Use-After-Free in XInclude Processing
CVE-2026-57236Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an excep
CVE-2026-57437Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond
CVE-2026-57436Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type
CVE-2026-57435Nokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr
CVE-2026-57434Nokogiri: Null Pointer Dereference calling methods on uninitialized wrapper classes

IV. Related Vulnerabilities

V. Comments for CVE-2026-57235

No comments yet


Leave a comment