← back
CVE-2026-40385

CVE-2026-40385

CVSS 4 MEDIUMEPSS 0.1%CWE-190
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Apr 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Affected products
libexif project · libexif

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35d58