CVE-2026-41988
Summary
| CVE | CVE-2026-41988 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-04-23 05:16:05 UTC |
| Updated | 2026-04-23 05:16:05 UTC |
| Description | uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue. |
Risk And Classification
Primary CVSS: v3.1 3.2 LOW from [email protected]
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Problem Types: CWE-670 | CWE-670 CWE-670 Always-Incorrect Control Flow Implementation
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Secondary | 3.2 | LOW | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |
| 3.1 | CNA | CVSS | 3.2 | LOW | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
HighPrivileges Required
NoneUser Interaction
NoneScope
ChangedConfidentiality
NoneIntegrity
LowAvailability
NoneCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq | [email protected] | github.com | |
| github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34 | [email protected] | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.