PT-2026-41121 · Libyang · Libyang
Dom-Omg
·
Published
2026-05-14
·
Updated
2026-05-28
·
CVE-2026-44673
CVSS v3.1
7.5
High
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
libyang versions prior to 5.2.15
Description
The lyb_read_string() function in src/parser_lyb.c contains an integer overflow. This occurs when parsing a maliciously crafted LYB binary blob, leading to a heap buffer overflow. An attacker capable of supplying LYB data to a libyang consumer, such as a NETCONF server or sysrepo, can cause a crash or heap corruption.
Recommendations
Update to version 5.2.15.
Exploit
Fix
Integer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Libyang