GNU gawk CVE-2026-40467
MEDIUMSeverity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local vector requires script execution access; crash-only outcome yields A:L with no confidentiality or integrity impact and unchanged scope.
Primary rating from Vendor (CERT-PL).
CVSS VectorVendor: CERT-PL
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Use After Free vulnerability has been found in "io.c" program file of gawk (do_getline_redir() routine). This issue may lead to a crash. It affects gawk in versions 5.4.0 and below.
AnalysisAI
Use-after-free memory corruption in gawk's do_getline_redir() routine within io.c allows a local attacker to crash the gawk process, causing a denial of service. All gawk versions 5.4.0 and below are affected, as confirmed by CERT-PL and an upstream patch commit. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the ability to execute or influence an AWK script processed by a vulnerable version of gawk (5.4.0 or below) on the local system, specifically one that exercises the getline I/O redirection functionality handled by the do_getline_redir() routine in io.c. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 5.1 (Medium) with vector AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N accurately characterizes this as a low-impact, locally-triggered denial-of-service issue. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with local shell access, or the ability to supply a crafted AWK script to an automated pipeline running gawk, provides input that exercises the getline I/O redirection code path in do_getline_redir(). The use-after-free is triggered, causing gawk to crash and disrupting any dependent process or pipeline. … |
| Remediation | Apply the upstream patch available via commit a2d18c74109e41bec29a23098eba2e00057286d8 in the GNU gawk repository (https://cgit.git.savannah.gnu.org/cgit/gawk.git/commit/?id=a2d18c74109e41bec29a23098eba2e00057286d8). … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
A heap out-of-bounds read flaw was found in builtin.c in the gawk package. Rated high severity (CVSS 7.1), this vulnerab
Stack-based buffer overflow in gawk's readdir extension (extension/readdir.c, ftype() routine) affects all gawk releases
Integer overflow in gawk's do_sub() routine (builtin.c) enables heap metadata corruption on 32-bit builds, crashing the
Integer overflow in GNU gawk's builtin.c (versions 5.4.0 and below) enables heap metadata corruption and memory exhausti
Same weakness CWE-416 – Use After Free
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today