
Severity by source

NVD (primary): 7.8 HIGH (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
SUSE: HIGH (qualitative)
Red Hat: 7.8 MEDIUM (qualitative)

Primary rating from NVD.

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Jun 08, 2026 - 10:23 (vuln.today)
CVE Published: May 26, 2026 - 16:16 (NVD), rated HIGH 7.8

Description (CVE.org)

A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within .solv files due to insufficient input validation. An attacker can provide a specially crafted .solv file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service.

Analysis (AI)

Heap buffer overflow in libsolv allows an attacker to corrupt memory in any process that uses libsolv to parse a maliciously crafted .solv repository metadata file. The flaw stems from insufficient input validation during decompression of attacker-controlled data, enabling information disclosure, control-flow alteration, or denial of service across multiple Red Hat Enterprise Linux releases and SUSE distributions. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Stage a malicious .solv file on an attacker-controlled repository or mirror
Delivery: Lure a victim or a pipeline into syncing the metadata
Exploit: libsolv decompresses the crafted compressed blob
Execution: Heap buffer overflow during parsing
Persist: Memory corruption alters execution or leaks data
Impact: Code execution or DoS in the package tooling's context

Vulnerability Assessment (AI)

Exploitation: Exploitation requires the victim to process an attacker-controlled .solv repository metadata file through a libsolv-linked tool such as DNF, Zypper, microdnf, or repository tooling inside OpenShift/Satellite; this is the UI:R condition. …

Risk Assessment: The CVSS 7.8 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates a local attack vector with required user interaction, which constrains real-world exploitability: a victim must process the malicious .solv file through a libsolv-consuming tool. Note that AV:L here follows the usual scoring convention for file-parsing bugs (the vulnerable code runs on the victim's machine against a file), not a requirement for a local account; the attack chain above shows the file arriving over the network during a repository refresh. …

Exploit Scenario: An attacker hosts a malicious package repository or supplies a tampered .solv cache file (for example, via a compromised mirror, a poisoned container build context, or a crafted artifact in a CI pipeline). When a developer or administrator runs a package operation, such as a DNF/Zypper repository refresh, an OpenShift image build, or a Satellite sync, libsolv parses the crafted compressed metadata and the heap buffer overflow triggers, yielding memory corruption that can disclose memory contents, alter execution, or crash the process. …

Remediation: Apply the vendor-released patch by updating libsolv to the fixed package version delivered in RHSA-2026:21333 (https://access.redhat.com/errata/RHSA-2026:21333) and the corresponding SUSE security updates for openSUSE/SLES streams; rebuild or re-pull affected container images (OpenShift, Hardened Images) so the patched libsolv propagates into running workloads. …

Recommended Action (AI)

24 hours: Inventory all systems running Red Hat Enterprise Linux and SUSE distributions; identify installed libsolv versions through the package manager (rpm -q libsolv or zypper info libsolv) and compare them against the fixed version named in the vendor advisory. …
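The inventory step only becomes a check once the collected versions are compared the way rpm itself compares them: by epoch, then version, then release, using rpm's segment-wise rules (digit runs compare numerically, a "~" sorts below anything, a "^" sorts above the bare version). The following is an added example, not code from vuln.today, Red Hat or SUSE. It assumes each host's libsolv was queried with rpm -q --qf '%{NAME}|%{EPOCH}|%{VERSION}|%{RELEASE}\n' libsolv (this works on SUSE as well, since it is RPM-based), re-implements rpm's rpmvercmp in Python, and flags hosts below a threshold EVR. The sample inventory and the threshold FIXED_EVR_PLACEHOLDER are constructed for the example; the real fixed version is not on this page and must be taken from the advisory.

```python
def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp(): -1 if a < b, 0 if equal, 1 if a > b.
    Separators are ignored; each alpha or numeric run is one segment."""
    if a == b:
        return 0
    i, j, la, lb = 0, 0, len(a), len(b)
    while i < la or j < lb:
        # Skip anything that is not alphanumeric, '~' or '^'.
        while i < la and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < lb and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ca = a[i] if i < la else ""
        cb = b[j] if j < lb else ""
        if ca == "~" or cb == "~":          # tilde sorts before everything
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i += 1
            j += 1
            continue
        if ca == "^" or cb == "^":          # caret sorts after end-of-string
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i += 1
            j += 1
            continue
        if not (ca and cb):
            break
        si, sj = i, j
        if ca.isdigit():
            while i < la and a[i].isdigit():
                i += 1
            while j < lb and b[j].isdigit():
                j += 1
            isnum = True
        else:
            while i < la and a[i].isalpha():
                i += 1
            while j < lb and b[j].isalpha():
                j += 1
            isnum = False
        seg_a, seg_b = a[si:i], b[sj:j]
        if not seg_b:                       # numeric beats alpha at same position
            return 1 if isnum else -1
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return -1 if seg_a < seg_b else 1
    if i >= la and j >= lb:
        return 0
    return -1 if i >= la else 1


def parse_rpm_line(line):
    """Parse one '%{NAME}|%{EPOCH}|%{VERSION}|%{RELEASE}' line from rpm -q --qf.
    rpm prints '(none)' for an absent epoch, which compares as 0."""
    name, epoch, version, release = line.strip().split("|")
    return name, (0 if epoch == "(none)" else int(epoch), version, release)


def evr_cmp(x, y):
    """Compare (epoch, version, release) tuples the way rpm orders packages."""
    if x[0] != y[0]:
        return -1 if x[0] < y[0] else 1
    rc = rpmvercmp(x[1], y[1])
    return rc if rc else rpmvercmp(x[2], y[2])


def hosts_needing_update(inventory, fixed_evr):
    """Return the hosts whose installed libsolv EVR is below fixed_evr."""
    return sorted(host for host, line in inventory.items()
                  if evr_cmp(parse_rpm_line(line)[1], fixed_evr) < 0)


# Constructed sample output, as if collected per host with
#   rpm -q --qf '%{NAME}|%{EPOCH}|%{VERSION}|%{RELEASE}\n' libsolv
SAMPLE_INVENTORY = {
    "web01":   "libsolv|(none)|0.7.22|1.el9",
    "build02": "libsolv|(none)|0.7.24|3.el9",
    "ci03":    "libsolv|(none)|0.7.24|2.el9",       # same version, older release
    "dev04":   "libsolv|(none)|0.7.24~rc1|3.el9",   # pre-release sorts below 0.7.24
}

# PLACEHOLDER threshold: made up for this example. Use the EVR from the vendor advisory.
FIXED_EVR_PLACEHOLDER = (0, "0.7.24", "3.el9")

if __name__ == "__main__":
    for host in hosts_needing_update(SAMPLE_INVENTORY, FIXED_EVR_PLACEHOLDER):
        print(host, "still runs a libsolv below the fixed EVR")
```

Comparing on the release field matters here because a security fix is usually shipped as a new release of the same upstream version, so a plain string or "sort -V" comparison of the version alone would report a host as patched when it is not.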


Vendor Status

SUSE

Severity: High

Product status:
  • SUSE Linux Enterprise Desktop 15 SP7: Fixed
  • SUSE Linux Enterprise High Performance Computing 15 SP7: Fixed
  • SUSE Linux Enterprise Micro 5.3: Fixed
  • SUSE Linux Enterprise Micro 5.4: Fixed
  • SUSE Linux Enterprise Micro 5.5: Fixed


CVE-2026-48864 vulnerability details – vuln.today
