Critical Code Execution Vulnerability in Swish-e Affects Multiple Ubuntu Releases

Critical Code Execution Vulnerability in Swish-e Affects Multiple Ubuntu Releases

First seen 7 May 2026, 11:13 UTC UbuntuLinuxsecurity 78% similarity 72.8

Article Content

Browse articles
ThreatCluster

A critical security vulnerability has been identified in Swish-e, affecting multiple versions of Ubuntu, including 26.04 LTS and earlier releases down to 16.04 LTS. The vulnerability, linked to Expat handling certain files, could allow attackers to execute arbitrary code or crash the application. This issue is tracked under CVE-2022-25235 and CVE-2022-25236, both published on 2022-02-16. Users are advised to update their systems to the latest package versions to mitigate the risk. The vulnerability impacts systems using Swish-e, a simple web indexing system. Ubuntu Pro users can access enhanced security coverage for these packages. A standard system update is recommended to address this issue. The advisory emphasizes the urgency of applying the patches to prevent potential exploitation.

Key Points: • Critical vulnerability in Swish-e affects Ubuntu versions 26.04 to 16.04 LTS. • Expat mishandling could lead to arbitrary code execution or application crashes. • Users are urged to update systems to the latest package versions immediately.

ThreatCluster AI

Timeline

2022-02-16
CVE-2022-25235 published
CVE-2022-25235 was published, detailing a flaw in Expat used in Swish-e.
Linuxsecurity
2022-02-16
CVE-2022-25236 published
CVE-2022-25236 was published, highlighting another vulnerability in Expat within Swish-e.
Linuxsecurity
2026-05-07
Ubuntu security advisory USN-8240-1 released
Ubuntu published an advisory for Swish-e vulnerabilities, urging users to update their systems.
Ubuntu

Community

Browse all →