High severity7.8NVD Advisory· Published Apr 22, 2026· Updated May 20, 2026
CVE-2026-6846
CVE-2026-6846
Description
A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
16- cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- osv-coords8 versionspkg:apk/chainguard/binutilspkg:apk/chainguard/binutils-devpkg:apk/chainguard/binutils-docpkg:apk/chainguard/binutils-goldpkg:apk/wolfi/binutilspkg:apk/wolfi/binutils-devpkg:apk/wolfi/binutils-docpkg:apk/wolfi/binutils-gold
< 2.46-r2+ 7 more
- (no CPE)range: < 2.46-r2
- (no CPE)range: < 2.46-r2
- (no CPE)range: < 2.46-r2
- (no CPE)range: < 2.46-r2
- (no CPE)range: < 2.46-r2
- (no CPE)range: < 2.46-r2
- (no CPE)range: < 2.46-r2
- (no CPE)range: < 2.46-r2
Patches
Vulnerability mechanics
References
2- access.redhat.com/security/cve/CVE-2026-6846nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.