What is the CVSS score of CVE-2026-5435?

CVE-2026-5435 has a CVSS 3.1 base score of 7.3 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L. EPSS exploitation probability: 0.0%.

Which versions of GNU C Library (glibc) are affected by CVE-2026-5435?

CVE-2026-5435 is a remote code execution vulnerability in GNU C Library affecting applications that use deprecated DNS record processing functions (ns_printrrf, ns_printrr, fp_nquery).. A patch is available.

GNU C Library (glibc) CVE-2026-5435

EUVD-2026-26036 HIGH

Out-of-bounds Write (CWE-787)

2026-04-28 3ff69d7a-14f2-4f67-a097-88dee7810d18

Buffer Overflow Memory Corruption Red Hat Suse

7.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Re-analysis Queued

Apr 28, 2026 - 20:38 vuln.today

cvss_changed

Analysis Generated

Apr 28, 2026 - 16:23 vuln.today

CVSS changed

Apr 28, 2026 - 16:22 NVD

7.3 (HIGH)

EUVD ID Assigned

Apr 28, 2026 - 13:22 euvd

EUVD-2026-26036

Analysis Generated

Apr 28, 2026 - 13:22 vuln.today

CVE Published

Apr 28, 2026 - 13:19 nvd

HIGH 7.3

DescriptionNVD

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.

AnalysisAI

Out-of-bounds write in GNU C Library 2.2+ allows remote unauthenticated attackers to corrupt memory and potentially execute arbitrary code through specially crafted TSIG DNS records processed by deprecated ns_printrrf, ns_printrr, or fp_nquery functions. While these functions are deprecated, any application still using them for DNS record printing remains vulnerable to network-based attacks with low complexity and no authentication barriers. …

RemediationAI

Within 24 hours: Inventory all applications and systems using glibc with deprecated DNS functions (ns_printrrf, ns_printrr, fp_nquery) via code audit or vendor scanning tools; isolate high-risk systems if identified. Within 7 days: Implement network-level DNS filtering to restrict TSIG record processing from untrusted sources; escalate to application owners for modernization timeline. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory