new file mode 100644
@@ -0,0 +1,32 @@
+From 73209f445f0265b203829fa7873caa78ca83cefe Mon Sep 17 00:00:00 2001
+From: netliomax25-code <netliomax25@gmail.com>
+Date: Fri, 29 May 2026 11:45:17 +0530
+Subject: [PATCH] lib: Protect function getAttributeId from signed integer
+ overflow
+
+CVE: CVE-2026-56405
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/2c6c42d33689f6b266a5267b639e03cde17e53c0]
+
+(cherry picked from commit 2c6c42d33689f6b266a5267b639e03cde17e53c0)
+Signed-off-by: Deepak Rathore <deeratho@cisco.com>
+---
+ expat/lib/xmlparse.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index 1b7e289f..ec707336 100644
+--- a/expat/lib/xmlparse.c
++++ b/expat/lib/xmlparse.c
+@@ -7324,6 +7324,10 @@ getAttributeId(XML_Parser parser, const ENCODING *enc, const char *start,
+ } else {
+ int i;
+ for (i = 0; name[i]; i++) {
++ /* Detect and prevent signed integer overflow */
++ if (i == INT_MAX) {
++ return NULL;
++ }
+ /* attributes without prefix are *not* in the default namespace */
+ if (name[i] == XML_T(ASCII_COLON)) {
+ int j;
+--
+2.43.7
@@ -14,6 +14,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2 \
file://CVE-2026-56403_p2.patch;striplevel=2 \
file://CVE-2026-56408.patch;striplevel=2 \
file://CVE-2026-56404.patch;striplevel=2 \
+ file://CVE-2026-56405.patch;striplevel=2 \
"
GITHUB_BASE_URI = "https://github.com/libexpat/libexpat/releases/"