CVE-2026-42482

Name of the Vulnerable Software and Affected Versions hashcat version 7.1.2

Description A stack-based buffer overflow occurs in the mangle to hex lower() and mangle to hex upper() functions within src/rp cpu.c. This issue arises from a bounds check that fails to account for the 2x expansion when password bytes are converted to hexadecimal. An attacker can exploit this via a crafted rule file or by using the -j or -k rule options with password candidates of 128 characters or more, potentially leading to a denial of service or arbitrary code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.