CVE-2026-41988

Summary

uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue.

Affected Software

VendorProductVersion RangeStatus
uuidjsuuid0 < 14.0.0affected

Weaknesses

  • CWE-670: CWE-670 Always-Incorrect Control Flow Implementation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References