PT-2026-31462 · Unknown · The Sleuth Kit
Mobasi · Published 2026-04-08 · Updated 2026-04-17 · CVE-2026-40025
CVSS v3.1: 6.1 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Name of the Vulnerable Software and Affected Versions
The Sleuth Kit versions through 4.14.0
Description
The Sleuth Kit contains a flaw in the APFS filesystem keybag parser. The wrapped key parser class does not properly validate length fields, leading to potential out-of-bounds reads when processing attacker-controlled data. This can result in information disclosure or application crashes when handling malicious APFS disk images.
Recommendations
Update to a version beyond 4.14.0.
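The kind of length validation the description says is missing, shown as an added example that is not The Sleuth Kit's code or its fix. The tag/length/value layout, the names `Field`, `parse_fields` and `find_field`, and the sample buffers are assumptions made for illustration and are not the APFS keybag format.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical layout for illustration (not the APFS keybag format, not TSK code):
//   tag (1 byte) | length (2 bytes, little-endian) | value (length bytes)
struct Field {
  uint8_t tag;
  const uint8_t* value;  // points into the caller's buffer
  size_t len;
};

enum class ParseResult { Ok, Truncated };

// Walks the buffer and checks every declared length against the bytes
// actually remaining before a value pointer is handed out.
ParseResult parse_fields(const uint8_t* data, size_t size, std::vector<Field>& out) {
  const size_t kHeader = 3;
  size_t off = 0;
  out.clear();
  while (off < size) {
    if (size - off < kHeader) return ParseResult::Truncated;  // header cut short
    size_t len = size_t(data[off + 1]) | (size_t(data[off + 2]) << 8);
    // Compare against the remainder; "off + kHeader + len > size" could wrap.
    if (len > size - off - kHeader) return ParseResult::Truncated;
    out.push_back(Field{data[off], data + off + kHeader, len});
    off += kHeader + len;
  }
  return ParseResult::Ok;
}

// Copies the value of the first field with the given tag; fails closed on malformed input.
bool find_field(const uint8_t* data, size_t size, uint8_t tag, std::vector<uint8_t>& value) {
  std::vector<Field> fields;
  if (parse_fields(data, size, fields) != ParseResult::Ok) return false;
  for (const Field& f : fields) {
    if (f.tag == tag) {
      value.assign(f.value, f.value + f.len);
      return true;
    }
  }
  return false;
}

// Constructed sample inputs.
static const uint8_t kWellFormed[] = {0x01, 0x02, 0x00, 0xAA, 0xBB, 0x02, 0x01, 0x00, 0xCC};
// Second field declares 0xFFFF bytes but only one byte follows.
static const uint8_t kOversizedLength[] = {0x01, 0x02, 0x00, 0xAA, 0xBB, 0x02, 0xFF, 0xFF, 0xCC};
```

A parser written this way rejects the whole blob when any declared length exceeds the remaining input, so a crafted image produces a parse error instead of a read past the buffer.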
Fix
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
The Sleuth Kit