Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-38754

A heap overflow in the ifsbreakup() function (shell/ash.c) of Busybox v1.38.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 5.6%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2026-38754
  • Busybox » Busybox » Version: 1.38.0
    cpe:2.3:a:busybox:busybox:1.38.0


Contact Us

Shodan ® - All rights reserved