VYPR
High severity · 7.5 · NVD Advisory · Published Apr 24, 2026 · Updated May 11, 2026

CVE-2026-41907

Description

uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes (small buf or large offset). This allows silent partial writes into caller-provided buffers. This vulnerability is fixed in 14.0.0.
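
The failure mode in the description, modeled as an added JavaScript example; it is not code from the uuid package or from this advisory. `writeUnchecked`, `writeChecked`, `bytesWritten`, `rejects` and the sample bytes are hypothetical names and constructed values, and the caller-provided buffer is assumed to be a `Uint8Array`.

```javascript
// Added model of the pattern in the description; not the uuid package's code.
// writeUnchecked, writeChecked and UUID_BYTES are hypothetical names.
const UUID_LEN = 16;
// Constructed sample: 16 non-zero bytes standing in for a generated UUID.
const UUID_BYTES = Uint8Array.from({ length: UUID_LEN }, (_, i) => 0xa0 + i);

// Unchecked: copy 16 bytes to buf[offset..offset+15] with no range test.
// A Uint8Array drops stores past its length without throwing, so a small
// buffer or a large offset leaves a truncated UUID and raises no error.
function writeUnchecked(buf, offset = 0) {
  for (let i = 0; i < UUID_LEN; i++) buf[offset + i] = UUID_BYTES[i];
  return buf;
}

// Checked: refuse any write that does not fit entirely inside buf.
function writeChecked(buf, offset = 0) {
  if (!Number.isInteger(offset) || offset < 0 || offset + UUID_LEN > buf.length) {
    throw new RangeError(
      `UUID byte range ${offset}:${offset + UUID_LEN - 1} is out of buffer bounds`);
  }
  return writeUnchecked(buf, offset);
}

// Number of UUID bytes that actually landed in buf starting at offset.
function bytesWritten(buf, offset = 0) {
  let n = 0;
  for (let i = 0; i < UUID_LEN; i++) if (buf[offset + i] === UUID_BYTES[i]) n++;
  return n;
}

// True when fn(buf, offset) throws a RangeError instead of writing.
function rejects(fn, buf, offset) {
  try { fn(buf, offset); return false; } catch (e) { return e instanceof RangeError; }
}

console.log(bytesWritten(writeUnchecked(new Uint8Array(8), 0), 0));    // 8 of 16
console.log(bytesWritten(writeUnchecked(new Uint8Array(16), 10), 10)); // 6 of 16
console.log(rejects(writeChecked, new Uint8Array(16), 10));            // true
```

Code that passes its own buffer and offset can apply the same range test at the call site until it runs a patched version.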

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| uuid (npm) | < 11.1.1 | 11.1.1 |
| uuid (npm) | >= 12.0.0, < 12.0.1 | 12.0.1 |
| uuid (npm) | >= 13.0.0, < 13.0.1 | 13.0.1 |
