CVE-2026-4438

ADVISORY - nist

Summary

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.

EPSS Score⁠: 0.00033 (0.098)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-20⁠

Improper Input Validation

CWE-88⁠

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Impacted images

Advisories

NIST

CREATED

1 month ago

UPDATED

17 days ago

ADVISORY IDCVE-2026-4438⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-20⁠CWE-88⁠

CVSS SCORE

5.4medium

Debian

CREATED

1 month ago

UPDATED

11 days ago

ADVISORY IDCVE-2026-4438⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

30 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2026-4438⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Chainguard

CREATED

22 days ago

UPDATED

22 days ago

ADVISORY ID

CGA-6448-55wg-5294

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY