CVE-2026-5450 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: April 21, 2026
GNU C Library - Buffer Overflow
Published: April 20, 2026Updated: April 21, 2026Remote Exploitable
Overview
GNU C Library 2.7 to 2.43 contains a heap buffer overflow caused by using %mc with a format width specifier greater than 1024 in scanf functions, letting attackers cause memory corruption, exploit requires crafted input.
Severity & Score
Severity: Critical
CVSS Score: 9.8
EPSS Score: 4.9%(Probability of exploitation in next 30 days)
Impact
Attackers can cause a heap buffer overflow leading to potential memory corruption or code execution.
Mitigation
Update to the latest version of GNU C Library.
References
Social Media Activity(1 post)
Vito Botta
@vitobotta
Three glibc CVEs, including CVSS 9.8 heap overflow in scanf (CVE-2026-5450). Affects glibc 2.7 through 2.43, that's decades of releases. When the C library has bugs, everything on Linux has bugs. Patch.
View original postRelated Resources
Details
- CVE ID
- CVE-2026-5450
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- buffer_overflow
- Status
- unconfirmed
- EPSS
- 4.9%
- Social Posts
- 1
CWE
- CWE-122
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
4.9%Probability of exploitation in the next 30 days