What is the CVSS score of CVE-2026-6846?

CVE-2026-6846 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of GNU Binutils are affected by CVE-2026-6846?

CVE-2026-6846 is a heap buffer overflow in GNU Binutils affecting RHEL 6-10 that enables arbitrary code execution when developers process malicious object files during cross-compilation workflows.. A patch is available.

GNU Binutils CVE-2026-6846

EUVD-2026-24714 HIGH

Heap-based Buffer Overflow (CWE-122)

2026-04-22 redhat

GHSA-c64w-hpm6-xx8w

RCE Buffer Overflow Denial Of Service Heap Overflow

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Apr 29, 2026 - 02:30 nvd

Patch available

Re-analysis Queued

Apr 22, 2026 - 21:37 vuln.today

cvss_changed

Analysis Generated

Apr 22, 2026 - 10:00 vuln.today

EUVD ID Assigned

Apr 22, 2026 - 09:00 euvd

EUVD-2026-24714

Analysis Generated

Apr 22, 2026 - 09:00 vuln.today

CVE Published

Apr 22, 2026 - 08:37 nvd

HIGH 7.8

DescriptionNVD

A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable.

AnalysisAI

Heap buffer overflow in GNU Binutils XCOFF linker allows arbitrary code execution when a local user processes a malicious object file. Red Hat Enterprise Linux versions 6 through 10 are confirmed affected via CPE data. …

RemediationAI

Within 24 hours: Identify all RHEL 6-10 systems running GNU Binutils (rpm -qa binutils) and document which support AIX/PowerPC cross-compilation. Within 7 days: Restrict XCOFF file linking to trusted sources only; implement code review and digital signature validation for object files in build systems. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Vendor StatusVendor

CVE-2026-6846 vulnerability details – vuln.today

Back

GNU Binutils CVE-2026-6846

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Vendor StatusVendor

Share

External POC / Exploit Code