Skip to main content

GNU Binutils CVE-2026-6846

| EUVDEUVD-2026-24714 HIGH
Heap-based Buffer Overflow (CWE-122)
2026-04-22 redhat GHSA-c64w-hpm6-xx8w
7.8
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
7.8 HIGH
qualitative

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Patch released
Apr 29, 2026 - 02:30 nvd
Patch available
Re-analysis Queued
Apr 22, 2026 - 21:37 vuln.today
cvss_changed
Analysis Generated
Apr 22, 2026 - 10:00 vuln.today
EUVD ID Assigned
Apr 22, 2026 - 09:00 euvd
EUVD-2026-24714
Analysis Generated
Apr 22, 2026 - 09:00 vuln.today
CVE Published
Apr 22, 2026 - 08:37 nvd
HIGH 7.8

DescriptionCVE.org

A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable.

AnalysisAI

Heap buffer overflow in GNU Binutils XCOFF linker allows arbitrary code execution when a local user processes a malicious object file. Red Hat Enterprise Linux versions 6 through 10 are confirmed affected via CPE data. CVSS 7.8 reflects local attack vector requiring user interaction (opening/linking the crafted file). No active exploitation confirmed (not in CISA KEV), and no public proof-of-concept identified at time of analysis. Real-world risk depends heavily on whether development workflows involve linking untrusted XCOFF files, which is uncommon outside AIX/PowerPC cross-compilation scenarios.

Technical ContextAI

GNU Binutils is a collection of binary tools including the GNU linker (ld), assembler (as), and utilities for object file manipulation. This vulnerability affects the XCOFF (Extended Common Object File Format) parsing code within the linker. XCOFF is primarily used on IBM AIX systems and PowerPC architectures. The CWE-122 (heap-based buffer overflow) occurs when the linker processes specially crafted XCOFF object files, failing to properly validate buffer boundaries during object file parsing or section processing. CPE strings confirm impact across Red Hat Enterprise Linux 6, 7, 8, and 10, suggesting the vulnerable code exists across multiple binutils versions shipped in these distributions. The heap overflow condition allows memory corruption that can be leveraged for code execution with the privileges of the user running the linker.

RemediationAI

Apply vendor-provided security updates for GNU Binutils when Red Hat releases patches for affected RHEL versions. Monitor Red Hat Security Advisories (RHSA) referencing CVE-2026-6846 for specific fixed package versions via https://access.redhat.com/security/cve/CVE-2026-6846. Until patches are available, restrict linking operations to trusted XCOFF object files only-validate source integrity and provenance before processing. In development environments, consider disabling XCOFF format support if cross-compiling for AIX/PowerPC is not required (binutils can be built without XCOFF support via configure options, though this requires recompilation and may break existing toolchains). Implement process isolation for build systems using containers or VMs to limit impact of successful exploitation. For high-security environments, restrict binutils execution via MAC policies (SELinux/AppArmor) to prevent privilege escalation beyond the linking user's context. Note that disabling XCOFF support may break legitimate AIX cross-compilation workflows, requiring assessment of operational requirements before implementation.

CVE-2026-4631 CRITICAL POC
9.8 Apr 07

Remote code execution in Cockpit's web interface allows unauthenticated attackers to execute arbitrary commands on the h

CVE-2026-4480 CRITICAL POC
9.0 May 26

Remote code execution in Samba's printing subsystem allows remote attackers to inject arbitrary shell commands via craft

CVE-2026-14544 CRITICAL
9.8 Jul 03

Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter

CVE-2026-28369 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow (the embedded web server underpinning JBoss EAP, Red Hat Data Grid, and Apache Camel

CVE-2026-28368 CRITICAL
9.1 Mar 27

HTTP request smuggling in Red Hat Undertow allows remote unauthenticated attackers to bypass front-end security controls

CVE-2026-33845 CRITICAL
9.1 Apr 30

Out-of-bounds read in the GnuTLS DTLS handshake reassembly logic lets remote unauthenticated attackers trigger an intege

CVE-2026-28367 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow allows remote unauthenticated attackers to send `\r\r\r` as a header block terminator

CVE-2026-11610 HIGH
8.8 Jul 07

Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LD

CVE-2026-14474 HIGH
8.8 Jul 07

Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user

CVE-2026-52720 HIGH
8.8 Jun 15

Heap buffer overflow in GStreamer's librfb (RFB/VNC client) allows a malicious VNC server to corrupt heap memory on a co

CVE-2026-5260 HIGH
8.2 May 26

Information disclosure and denial of service in GnuTLS (libgnutls) let a remote, unauthenticated attacker trigger a heap

CVE-2026-0966 HIGH
8.2 Mar 26

Remote denial-of-service in libssh 0.11.x and earlier allows unauthenticated attackers to crash SSH server daemon proces

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Development Tools 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed

Share

CVE-2026-6846 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy