LeakyCreds

CVE-2026-31967 - Vulnerability Analysis

Critical | CVSS: 9.1

Last Updated: March 19, 2026

HTSlib - Out of Bounds Read

Published: March 18, 2026 | Updated: March 19, 2026 | Remote Exploitable

Overview

HTSlib contains an out-of-bounds read caused by a lack of validation of the mate reference id in `cram_decode_slice()`. An attacker can cause information disclosure or a program crash. Exploitation requires crafted CRAM input.

Severity & Score

Severity: Critical
CVSS Score: 9.1
EPSS Score: 1.6% (probability of exploitation in the next 30 days)

Impact

Attackers can cause information leakage or program crash, potentially disrupting service or exposing sensitive data.

Mitigation

Update to versions 1.23.1, 1.22.2, 1.21.1 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 19, 2026

🔴 CVE-2026-31967 - Critical (9.1) HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the `cram_decode_slice()` function called while reading CRAM records, the value of the mate reference... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31967/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-31967
Severity: Critical
CVSS Score: 9.1
Type: out_of_bounds_rw
Status: confirmed
EPSS: 1.6%
Social Posts: 1

CWE

  • CWE-125

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS Score

1.6% (probability of exploitation in the next 30 days)