PT-2026-42829 · Cleanstart+4 · Argo Workflows+38
Neild
·
Published
2026-05-22
·
Updated
2026-06-11
·
CVE-2026-39824
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
The product name cannot be determined (affected versions not specified)
Description
The
NewNTUnicodeString() function does not check for string length overflow. When provided with a string that exceeds the maximum size of a NTUnicodeString (a 16-bit number of bytes), the function returns a truncated string instead of generating an error.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Argo Workflows
Cadvisor
Cert-Manager
Configmap-Reload
Cortex
Elastic-Beats
Golang-Golang-X-Sys
Golang.Org/X/Sys
Golang.Org/X/Sys/Windows
Google-Guest-Agent
Gostatsd
Gosu
Helm-Operator
Ingress-Nginx-Controller-1.14
Ingress-Nginx-Controller-1.15
Istio
Kube-State-Metrics
Kubernetes-Csi-External-Provisioner-Fips
Kubernetes-Csi-External-Snapshotter-Fips
Kubernetes-Csi-Livenessprobe-Fips
Libnvidia-Container
Logstash-Exporter
Memcached-Exporter
Metallb
Minio
Mongodb
Mountpoint-S3-Csi-Driver
Nats-Streaming
Newrelic-Prometheus-Configurator
Nvidia Container Toolkit
Opentelemetry-Collector-Contrib
Percona-Server-Mongodb-Operator
Rclone
Spice-Server
Spire-Server-Fips
Trino
Vault
Velero-Plugin-For-Csi
Wait-For-Port