PT-2026-33851 · Glibc · Glibc

Rocket Ma · Published 2026-04-20 · Updated 2026-05-22 · CVE-2026-5450

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

glibc versions 2.7 through 2.43

Description

Calling one of the scanf family of functions with a %mc conversion (malloc'd character match) whose explicit field width is greater than 1024 can lead to a one-byte heap buffer overflow.

Recommendations

Update glibc to a version later than 2.43.
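To find call sites that match the description while the update is being rolled out, the following added example (not part of the advisory or of glibc) scans C source text for string literals containing a %mc conversion with an explicit width greater than 1024. The function names and the sample input are constructed for illustration; it only inspects literals written on a single line, so widths assembled at run time or through macros are not seen.

```python
import re

WIDTH_LIMIT = 1024  # from the advisory: explicit widths greater than 1024 are affected

# C string literal on a single line, allowing backslash escapes.
STRING_LITERAL = re.compile(r'"((?:[^"\\\n]|\\.)*)"')
# Either a literal "%%" (consumed so its second % cannot start a conversion)
# or a %<width>mc conversion. Assignment suppression ("%*...") is not matched.
CONVERSION = re.compile(r'%%|%(\d+)mc')


def risky_widths(fmt):
    """Return the widths of %<width>mc conversions in fmt that exceed WIDTH_LIMIT."""
    widths = []
    for m in CONVERSION.finditer(fmt):
        if m.group(1) is not None and int(m.group(1)) > WIDTH_LIMIT:
            widths.append(int(m.group(1)))
    return widths


def audit_source(text):
    """Return (line_number, format_string, width) for each flagged literal in C source."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for lit in STRING_LITERAL.finditer(line):
            for width in risky_widths(lit.group(1)):
                findings.append((lineno, lit.group(1), width))
    return findings


# Constructed sample input, not taken from any real project.
SAMPLE = r'''
sscanf(buf, "%16mc", &p);            /* width within the limit */
sscanf(buf, "%d %2048mc", &n, &p);   /* flagged */
fscanf(fp, "%1024mc", &p);           /* exactly 1024, not greater */
printf("%%4096mc is literal text\n");
sscanf(buf, "%4096c", fixed);        /* no m modifier */
'''

if __name__ == "__main__":
    for lineno, fmt, width in audit_source(SAMPLE):
        print(f'line {lineno}: width {width} in "{fmt}"')
```
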

Exploit

Fix

Memory Corruption

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-5450
ECHO-56EB-505F-7A61
OESA-2026-2409
OESA-2026-2410
OESA-2026-2411
OESA-2026-2412
OPENSUSE-SU-2026:10770-1
RHSA-2026:12740

Affected Products

Glibc