CVE-2026-11824

ADVISORY - nist

Summary

SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value smaller than 4. Attackers can trigger an integer underflow in fts5ChunkIterate() causing an inflated remaining byte count during FTS5 MATCH query processing, leading to a heap buffer overflow of attacker-controlled data in applications compiled with SQLITE_ENABLE_FTS5.

EPSS Score⁠: 0.00175 (0.072)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-122⁠

Heap-based Buffer Overflow

Impacted images

Advisories

NIST

CREATED

21 days ago

UPDATED

19 days ago

ADVISORY IDCVE-2026-11824⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-122⁠

CVSS SCORE

8.5high

Alpine

CREATED

19 days ago

UPDATED

5 days ago

ADVISORY IDCVE-2026-11824⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

17 days ago

UPDATED

16 days ago

ADVISORY IDCVE-2026-11824⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

19 days ago

UPDATED

23 hours ago

ADVISORY IDCVE-2026-11824⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Bitnami

CREATED

19 days ago

UPDATED

19 days ago

ADVISORY ID

BIT-sqlite-2026-11824

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

8.5high

Photon

CREATED

11 days ago

UPDATED

11 days ago

ADVISORY ID

CVE-2026-11824

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.8high

minimos

CREATED

18 days ago

UPDATED

18 days ago

ADVISORY ID

MINI-cp3r-rp4g-f926

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY