Skip to main content

CWE-197

Numeric Truncation Error

44 CVEs Avg CVSS 7.5 MITRE
3
CRITICAL
30
HIGH
10
MEDIUM
1
LOW
3
POC
1
KEV

Monthly

CVE-2026-55142 MEDIUM PATCH Exploit Unlikely This Month

Numeric truncation error in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Office 2019 Microsoft Office 365 For Mac +6
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50357 HIGH PATCH This Week

Local code execution in Microsoft's Resilient File System (ReFS) driver lets an already-authenticated, low-privileged user on affected Windows 10, Windows 11, and Windows Server 2016–2025 systems escalate to code execution through a numeric truncation flaw (CWE-197). No public exploit has been identified at time of analysis, and it is not on CISA KEV, but Microsoft has released a patch. Note a data conflict: the description states code execution and the CVSS carries C:H/I:H/A:H, yet the vendor tags label it 'Information Disclosure' — the CVSS-backed local elevation-of-privilege reading is treated as authoritative here.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-49792 HIGH PATCH This Week

Local code execution in Microsoft's Resilient File System (ReFS) driver allows an authorized (low-privileged) attacker to run arbitrary code with elevated context via a numeric truncation flaw. The bug affects the ReFS component shipped with Windows 10, Windows 11, and Windows Server 2016 through 2025. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; note that the CVE's own tags label it 'Information Disclosure' while the description and CVSS impact (C:H/I:H/A:H) describe full code execution - the code-execution reading should be treated as authoritative.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-44823 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Excel stems from an integer underflow that, when triggered by opening a crafted spreadsheet, allows an attacker to run arbitrary code in the context of the current user. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) confirms exploitation requires the victim to open a malicious file, and there is no public exploit identified at time of analysis. With a base score of 7.8 and full confidentiality, integrity, and availability impact, successful exploitation effectively gives the attacker the victim's privileges on the host.

Authentication Bypass Microsoft 365 Apps Excel Microsoft 365 +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-40409 HIGH PATCH Exploit Unlikely This Week

Elevation of privilege in the Microsoft Windows Universal Disk Format File System (UDFS) driver allows a local authenticated attacker to escalate to SYSTEM-level privileges with high impact on confidentiality, integrity, and availability. The CVSS 7.8 vector indicates local attack with low complexity and low privileges required, and no public exploit identified at time of analysis. The vulnerability stems from a numeric truncation error (CWE-197) in kernel-mode file system code, a class historically favored by post-compromise privilege escalation chains.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-42944 HIGH PATCH This Week

Heap overflow denial-of-service in NLnet Labs Unbound recursive DNS resolver versions 1.14.0 through 1.25.0 allows remote unauthenticated attackers to crash the resolver by sending DNS queries containing multiple NSID, DNS Cookie, and/or EDNS Padding options. The flaw stems from a numeric truncation in EDNS field size calculation that lets attacker-influenced data overflow the response buffer. No public exploit identified at time of analysis and not listed in CISA KEV, but the impact is service-wide DNS outage for any user of an affected resolver.

Denial Of Service Unbound
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-44927 LOW PATCH Monitor

Pointer difference truncation to signed int in uriparser before version 1.0.2 allows local attackers to cause integer overflow and data integrity issues through specially crafted URI inputs. The vulnerability stems from unsafe casting of pointer arithmetic results (afterLast - first) to int, which can overflow on systems where pointer differences exceed INT_MAX, leading to buffer overflows, incorrect memory calculations, and potential information disclosure. While CVSS score is low (2.9) due to local attack vector and high complexity, the fix adds comprehensive overflow detection using SIZE_MAX checks, indicating real risk in applications processing untrusted URIs locally.

Information Disclosure Uriparser
NVD GitHub VulDB
CVSS 3.1
2.9
EPSS
0.0%
CVE-2026-42371 MEDIUM PATCH This Month

uriparser before 1.0.1 suffers a numeric truncation vulnerability in text range comparison that causes denial of service when processing URIs with gigabyte-scale lengths. The flaw occurs because internal range comparisons truncate large numeric values, allowing maliciously crafted oversized URIs to bypass length validation and trigger memory exhaustion or processing failures. Local attackers can exploit this via specially constructed input, though practical exploitation requires an application to accept and process URIs of exceptional size.

Information Disclosure Uriparser
NVD GitHub VulDB
CVSS 3.1
5.1
EPSS
0.0%
CVE-2026-32240 MEDIUM PATCH This Month

n Proto is a data interchange format and capability-based RPC system. versions up to 1.4.0 contains a vulnerability that allows attackers to HTTP request/response smuggling.

Information Disclosure Capnproto Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-10543 Go MEDIUM PATCH This Month

A security vulnerability in Eclipse Paho Go MQTT (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Paho Mqtt Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Numeric truncation error in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Microsoft 365 Apps For Enterprise +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Microsoft's Resilient File System (ReFS) driver lets an already-authenticated, low-privileged user on affected Windows 10, Windows 11, and Windows Server 2016–2025 systems escalate to code execution through a numeric truncation flaw (CWE-197). No public exploit has been identified at time of analysis, and it is not on CISA KEV, but Microsoft has released a patch. Note a data conflict: the description states code execution and the CVSS carries C:H/I:H/A:H, yet the vendor tags label it 'Information Disclosure' — the CVSS-backed local elevation-of-privilege reading is treated as authoritative here.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Microsoft's Resilient File System (ReFS) driver allows an authorized (low-privileged) attacker to run arbitrary code with elevated context via a numeric truncation flaw. The bug affects the ReFS component shipped with Windows 10, Windows 11, and Windows Server 2016 through 2025. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; note that the CVE's own tags label it 'Information Disclosure' while the description and CVSS impact (C:H/I:H/A:H) describe full code execution - the code-execution reading should be treated as authoritative.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Excel stems from an integer underflow that, when triggered by opening a crafted spreadsheet, allows an attacker to run arbitrary code in the context of the current user. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) confirms exploitation requires the victim to open a malicious file, and there is no public exploit identified at time of analysis. With a base score of 7.8 and full confidentiality, integrity, and availability impact, successful exploitation effectively gives the attacker the victim's privileges on the host.

Authentication Bypass Microsoft 365 Apps +6
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Elevation of privilege in the Microsoft Windows Universal Disk Format File System (UDFS) driver allows a local authenticated attacker to escalate to SYSTEM-level privileges with high impact on confidentiality, integrity, and availability. The CVSS 7.8 vector indicates local attack with low complexity and low privileges required, and no public exploit identified at time of analysis. The vulnerability stems from a numeric truncation error (CWE-197) in kernel-mode file system code, a class historically favored by post-compromise privilege escalation chains.

Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Heap overflow denial-of-service in NLnet Labs Unbound recursive DNS resolver versions 1.14.0 through 1.25.0 allows remote unauthenticated attackers to crash the resolver by sending DNS queries containing multiple NSID, DNS Cookie, and/or EDNS Padding options. The flaw stems from a numeric truncation in EDNS field size calculation that lets attacker-influenced data overflow the response buffer. No public exploit identified at time of analysis and not listed in CISA KEV, but the impact is service-wide DNS outage for any user of an affected resolver.

Denial Of Service Unbound
NVD VulDB
EPSS 0% CVSS 2.9
LOW PATCH Monitor

Pointer difference truncation to signed int in uriparser before version 1.0.2 allows local attackers to cause integer overflow and data integrity issues through specially crafted URI inputs. The vulnerability stems from unsafe casting of pointer arithmetic results (afterLast - first) to int, which can overflow on systems where pointer differences exceed INT_MAX, leading to buffer overflows, incorrect memory calculations, and potential information disclosure. While CVSS score is low (2.9) due to local attack vector and high complexity, the fix adds comprehensive overflow detection using SIZE_MAX checks, indicating real risk in applications processing untrusted URIs locally.

Information Disclosure Uriparser
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

uriparser before 1.0.1 suffers a numeric truncation vulnerability in text range comparison that causes denial of service when processing URIs with gigabyte-scale lengths. The flaw occurs because internal range comparisons truncate large numeric values, allowing maliciously crafted oversized URIs to bypass length validation and trigger memory exhaustion or processing failures. Local attackers can exploit this via specially constructed input, though practical exploitation requires an application to accept and process URIs of exceptional size.

Information Disclosure Uriparser
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

n Proto is a data interchange format and capability-based RPC system. versions up to 1.4.0 contains a vulnerability that allows attackers to HTTP request/response smuggling.

Information Disclosure Capnproto Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A security vulnerability in Eclipse Paho Go MQTT (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Paho Mqtt Red Hat +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy