CVE-2026-4426

ADVISORY - nist

Summary

A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (pz_log2_bs) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-1335⁠

Incorrect Bitwise Shift of Integer

ADVISORY - redhat

CWE-1335⁠

Incorrect Bitwise Shift of Integer

Impacted images

Advisories

NIST

CREATED

19 hours ago

UPDATED

19 hours ago

ADVISORY IDCVE-2026-4426⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

6.5medium

Debian

CREATED

12 hours ago

UPDATED

7 hours ago

ADVISORY IDCVE-2026-4426⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Red Hat

CREATED

1 day ago

UPDATED

8 hours ago

ADVISORY IDCVE-2026-4426⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

6.5medium