← back
CVE-2026-48864

Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data

CVSS 7.8 HIGHEPSS 0.2%CWE-787
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.8EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
26 May 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H