CVE-2026-41907

medium Red Hat
CVSS v3 Base Score
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
EPSS Score
0.0%
Exploitation probability in 30 days
Top 97% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
Low
Availability
Low
Published: April 24, 2026 (76 days ago)
Last Modified: April 24, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in uuid. The library's versions v3, v5, and v6 do not adequately check the size of external memory buffers provided by applications. This oversight allows the library to write data beyond the designated buffer limits without signaling an error. Such out-of-bounds writes can lead to data corruption, unintended information disclosure, or disrupt application availability.

CWE

CWE-787

Affected Products

Confidential Compute AttestationCryostat 4Gatekeeper 3Migration Toolkit for ContainersMulticluster Engine for KubernetesNode HealthCheck OperatorOpenShift LightspeedOpenShift PipelinesOpenShift ServerlessOpenShift Service Mesh 2

References