What is the CVSS score of CVE-2026-9149?

CVE-2026-9149 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-9149?

Yes, a patch is available for CVE-2026-9149. Update the affected software to the latest version immediately.

libsolv CVE-2026-9149

EUVD-2026-31201 MEDIUM

Heap-based Buffer Overflow (CWE-122)

2026-05-21 secalert@redhat.com

GHSA-9q56-xf64-q987

Buffer Overflow Denial Of Service Heap Overflow Suse

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Source Code Evidence Fetched

May 21, 2026 - 00:28 vuln.today

Analysis Generated

May 21, 2026 - 00:28 vuln.today

DescriptionNVD

A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted .solv file containing negative size values in the repo_add_solv function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).

AnalysisAI

Heap-based buffer overflow in libsolv's repo_add_solv() function enables a remote unauthenticated attacker to crash the parsing process by delivering a specially crafted .solv repository metadata file containing negative values in the maxsize or allsize header fields. The malformed values bypass allocation sizing logic, producing an undersized heap buffer that is subsequently written past its bounds, yielding a denial of service. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory