CVE-2026-4438
ADVISORY - ubuntuSummary
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.
EPSS Score: 0.00066 (0.206)
Common Weakness Enumeration (CWE)
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2026-4438
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/Amedium| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| ubuntu/glibc | deb | ubuntu | 24.04 | >=0 | Not yet available |
Severity and metrics
No CVSS data available from this advisory.
NIST
CVSS SCORE
5.4mediumDebian
CREATED
UPDATED
ADVISORY IDCVE-2026-4438
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AlowRocky
CREATED
UPDATED
ADVISORY IDRLSA-2026:19061
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AlowRocky
CREATED
UPDATED
ADVISORY IDRLSA-2026:20597
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AlowChainguard
CREATED
UPDATED
ADVISORY ID
CGA-6448-55wg-5294
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Photon
CREATED
UPDATED
ADVISORY ID
CVE-2026-4438
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
5.4mediumminimos
CREATED
UPDATED
ADVISORY ID
MINI-23p3-qw4q-3336
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-