Skip to main content

Hdf5 CVE-2026-26200

HIGH
Heap-based Buffer Overflow (CWE-122)
2026-02-19 security-advisories@github.com
7.8
CVSS 3.1 · Vendor: github
Share

Severity by source

Vendor (github) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
7.8 HIGH
qualitative

Primary rating from Vendor (github).

CVSS VectorVendor: github

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Apr 10, 2026 - 08:30 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 22:03 vuln.today
PoC Detected
Feb 20, 2026 - 20:14 vuln.today
Public exploit code
CVE Published
Feb 19, 2026 - 20:25 nvd
HIGH 7.8

DescriptionCVE.org

HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems. Real-world exploitability of this issue in terms of remote-code execution is currently unknown. Version 1.14.4-2 fixes the issue.

AnalysisAI

Heap buffer overflow in HDF5 versions prior to 1.14.4-2 allows attackers to trigger denial-of-service or potentially achieve code execution by crafting malicious h5 files. The vulnerability affects any system parsing untrusted HDF5 data files and has public exploit code available. A patch is not yet available, leaving affected deployments at risk.

Technical ContextAI

Classified as CWE-122 (Heap-based Buffer Overflow). Affects Hdf5. HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems. Real-world exploitability of this issue in terms of remote-code execution is currently unknown. Version 1.14.4-2 fixe

RemediationAI

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.

More in Hdf5

View all
CVE-2018-13876 CRITICAL POC
9.8 Jul 10

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2018-13874 CRITICAL POC
9.8 Jul 10

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2018-13873 CRITICAL POC
9.8 Jul 10

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2018-13872 CRITICAL POC
9.8 Jul 10

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2018-13871 CRITICAL POC
9.8 Jul 10

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2018-13870 CRITICAL POC
9.8 Jul 10

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2018-13869 CRITICAL POC
9.8 Jul 10

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2018-13868 CRITICAL POC
9.8 Jul 10

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2018-13867 CRITICAL POC
9.8 Jul 10

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2018-13866 CRITICAL POC
9.8 Jul 10

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2017-17509 HIGH POC
8.8 Dec 11

In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhd

CVE-2019-9152 HIGH POC
8.8 Feb 25

An issue was discovered in the HDF HDF5 1.10.4 library. Rated high severity (CVSS 8.8), this vulnerability is remotely e

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
openSUSE Leap 15.6 Fixed
SUSE Linux Enterprise High Performance Computing 12 SP5 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS Fixed
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS Fixed

Share

CVE-2026-26200 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy