CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-4426

A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 32.6%

CVSS Severity

CVSS v3 Score 6.5

References

Products affected by CVE-2026-4426

Libarchive » Libarchive » Version: N/A

cpe:2.3:a:libarchive:libarchive:-
Redhat » Hardened Images » Version: N/A

cpe:2.3:a:redhat:hardened_images:-
Redhat » Openshift Container Platform » Version: 4.0

cpe:2.3:a:redhat:openshift_container_platform:4.0
Redhat » Enterprise Linux » Version: 10.0

cpe:2.3:o:redhat:enterprise_linux:10.0
Redhat » Enterprise Linux » Version: 6.0

cpe:2.3:o:redhat:enterprise_linux:6.0
Redhat » Enterprise Linux » Version: 7.0

cpe:2.3:o:redhat:enterprise_linux:7.0
Redhat » Enterprise Linux » Version: 8.0

cpe:2.3:o:redhat:enterprise_linux:8.0
Redhat » Enterprise Linux » Version: 9.0

cpe:2.3:o:redhat:enterprise_linux:9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-4426

Products

Pricing

Contact Us