High severity8.3NVD Advisory· Published Mar 17, 2026· Updated May 11, 2026

CVE-2026-0708

Description

A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the ucl_object_emit function when parsing and emitting the object, leading to a Denial of Service (DoS) for the affected system.

Affected products

Libuvc/Libuclv5
Range: 3e7f023e184e06f30fb5792dacd9dd0f8b692f1b
Vstakhov/Libucl
cpe:2.3:a:vstakhov:libucl:*:*:*:*:*:*:*:*
Range: <=0.9.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/security/cve/CVE-2026-0708nvdThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdThird Party AdvisoryIssue Tracking
github.com/vstakhov/libucl/issues/323nvdIssue TrackingVendor AdvisoryExploit

News mentions

No linked articles in our index yet.

cvss	0.540
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000