CVE-2026-6846
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Hardened Images | 2.45.1-5.1.hum1 < * | unaffected |
Weaknesses
- CWE-122: Heap-based Buffer Overflow
Workarounds
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
binutils: Binutils: Arbitrary code execution via malformed XCOFF object file processing
Additional References
- https://access.redhat.com/security/cve/CVE-2026-6846
- https://bugzilla.redhat.com/show_bug.cgi?id=2460006
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6846.json
- https://access.redhat.com/errata/RHSA-2026:33527
References
- https://access.redhat.com/errata/RHSA-2026:33527
- https://access.redhat.com/security/cve/CVE-2026-6846
- https://bugzilla.redhat.com/show_bug.cgi?id=2460006
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.