CVE-2026-5435NVD

Vulnerability Summary

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.

Severity Level

HIGH(7.3)

Published Date

Apr 28, 2026

Last Modified

May 5, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.05%Probability

Root Weakness (CWE)

CWE-787: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityLow

IntegrityLow

AvailabilityLow

External References

https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u
https://sourceware.org/bugzilla/show_bug.cgi?id=34033

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2026-5435NVD

Vulnerability Summary

External References