What is the CVSS score of CVE-2026-40385?

CVE-2026-40385 has a CVSS 3.1 base score of 4.0 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-40385?

Yes, a patch is available for CVE-2026-40385. Update the affected software to the latest version immediately.

Red Hat CVE-2026-40385

EUVD-2026-21732 MEDIUM

Integer Overflow or Wraparound (CWE-190)

2026-04-12 mitre

GHSA-j9xr-5c85-xjhm

Denial Of Service Integer Overflow Red Hat Suse

4.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

Low

Lifecycle Timeline

Patch released

Apr 19, 2026 - 08:30 nvd

Patch available

Analysis Generated

Apr 12, 2026 - 18:54 vuln.today

EUVD ID Assigned

Apr 12, 2026 - 18:45 euvd

EUVD-2026-21732

Analysis Generated

Apr 12, 2026 - 18:45 vuln.today

CVE Published

Apr 12, 2026 - 18:16 nvd

MEDIUM 4.0

DescriptionNVD

In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.

AnalysisAI

Integer overflow in libexif through 0.6.25 Nikon MakerNote handling allows local attackers on 32-bit systems to trigger crashes or read sensitive memory, requiring high attack complexity and no user interaction. This affects only 32-bit architectures due to the integer arithmetic involved; EPSS probability is low given the local-only attack vector and high complexity prerequisite, but patch availability is currently unconfirmed.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory