PT-2026-33581 · Unknown+2 · Editorconfig-Core-C+2

Published 2026-04-18 · Updated 2026-06-02 · CVE-2026-40489

CVSS v4.0: 8.6 (High)

Vector: AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

editorconfig-core-c versions prior to 0.12.11

Description

A stack-based buffer overflow exists in the ec_glob() function. An attacker can cause a crash in any application using libeditorconfig by providing a specially crafted directory structure and .editorconfig file. This occurs because the l_pattern[8194] stack buffer lacks adequate protection, whereas the pcre_str buffer was previously secured.

Recommendations

Update to version 0.12.11.

Fix

DoS

Stack Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2026-40489
OESA-2026-2258
OESA-2026-2259
OESA-2026-2260
OPENSUSE-SU-2026:10663-1
USN-8238-1
USN-8238-2

Affected Products

Linuxmint
Ubuntu
Editorconfig-Core-C