CVE-2026-4438

ADVISORY - nist

Summary

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.

EPSS Score⁠: 0.00066 (0.205)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-20⁠

Improper Input Validation

CWE-88⁠

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Impacted images

Advisories

NIST

CREATED

3 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2026-4438⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-20⁠CWE-88⁠

CVSS SCORE

5.4medium

Debian

CREATED

3 months ago

UPDATED

9 days ago

ADVISORY IDCVE-2026-4438⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

2 months ago

UPDATED

6 days ago

ADVISORY IDCVE-2026-4438⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Rocky

CREATED

6 days ago

UPDATED

6 days ago

ADVISORY IDRLSA-2026:19061⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Rocky

CREATED

5 days ago

UPDATED

5 days ago

ADVISORY IDRLSA-2026:20597⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-6448-55wg-5294

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Photon

CREATED

1 month ago

UPDATED

22 days ago

ADVISORY ID

CVE-2026-4438

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.4medium

minimos

CREATED

23 days ago

UPDATED

23 days ago

ADVISORY ID

MINI-23p3-qw4q-3336

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY