CVE-2026-26200

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HDF5 versions prior to 1.14.4-2

Description HDF5 is software used for managing data. An attacker controlling an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow. This can lead to a denial-of-service condition, and potentially remote code execution depending on exploitability against modern operating systems. The real-world exploitability of remote code execution is currently unknown.

Recommendations Update to version 1.14.4-2 or later.

Exploit

Fix

Heap Based Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122CWE-787

Related Identifiers

CVE-2026-26200

ECHO-A777-BF3C-CF20

GHSA-5P2M-J456-9MR2

Affected Products

Hdf5

CVE-2026-26200

Weakness Enumeration

Related Identifiers

Affected Products

References · 10