Critical severity9.8NVD Advisory· Published Apr 20, 2026· Updated Apr 23, 2026

CVE-2026-5450

Description

Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.

Affected products

GNU/Glibc
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
Range: >=2.7,<=2.43

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000