CVE-2026-27171

low

Red Hat

CVSS v3 Base Score

2.9

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Score

0.0%

Exploitation probability in 30 days

Top 100% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Confidentiality

None

Integrity

None

Availability

Low

Published: February 18, 2026 (85 days ago)

Last Modified: February 18, 2026

Vendor: Red Hat

Description

zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

CWE

CWE-835

Affected Products

Logging Subsystem for Red Hat OpenShiftRed Hat build of OpenJDK 11 ELSRed Hat build of OpenJDK 17Red Hat build of OpenJDK 1.8Red Hat build of OpenJDK 21Red Hat build of OpenJDK 25Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 7asecurity.com 🔗 7asecurity.com

CVE-2026-27171

Vulnerability Report

Description

CWE

Affected Products

References