
libarchive EUVD-2026-17073

CVE-2026-5121 | Severity: HIGH
Weakness: Integer Overflow or Wraparound (CWE-190)
Published: 2026-03-30 (source: redhat)
CVSS 3.1 base score: 7.5
Temporal score: 9.8

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: None
- Availability: None

Lifecycle Timeline (14 events)

- Apr 22, 2026 - 07:27 (vuln.today): Analysis Updated, v8 (cvss_changed)
- Apr 20, 2026 - 14:27 (vuln.today): Analysis Updated, v7 (cvss_changed)
- Apr 20, 2026 - 09:44 (vuln.today): Analysis Updated, v6 (cvss_changed)
- Apr 20, 2026 - 06:27 (vuln.today): Analysis Updated, v5 (cvss_changed)
- Apr 20, 2026 - 05:27 (vuln.today): Analysis Updated, v4 (cvss_changed)
- Apr 20, 2026 - 04:31 (vuln.today): Analysis Updated, v3 (cvss_changed)
- Apr 20, 2026 - 03:27 (vuln.today): Analysis Updated, v2 (cvss_changed)
- Apr 16, 2026 - 17:22 (vuln.today): Re-analysis Queued (cvss_changed)
- Apr 14, 2026 - 16:22 (NVD): Severity Changed, from CRITICAL to HIGH
- Apr 14, 2026 - 16:22 (NVD): CVSS changed, from 9.8 (CRITICAL) to 7.5 (HIGH)
- Mar 31, 2026 - 21:13 (nvd): Patch released (patch available)
- Mar 30, 2026 - 08:15 (euvd): EUVD ID Assigned, EUVD-2026-17073
- Mar 30, 2026 - 08:15 (vuln.today): Analysis Generated
- Mar 30, 2026 - 07:47 (nvd): CVE Published, CRITICAL 9.8

Description (NVD)

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.

Analysis (AI)

Remote code execution in libarchive on 32-bit systems allows unauthenticated attackers to execute arbitrary code via specially crafted ISO9660 images. The vulnerability affects Red Hat Enterprise Linux versions 6 through 10 and OpenShift Container Platform 4, with vendor patches released across multiple RHSA advisories. …


Remediation (AI)

Within 24 hours: Inventory all systems running RHEL 6-10 and OpenShift 4 with libarchive installed; identify Internet-facing deployments processing ISO/archive files. Within 7 days: Apply vendor-released patches from applicable RHSA advisories (check Red Hat Security Advisory for specific RHEL version patches); prioritize OpenShift Container Platform 4 nodes and any systems that accept untrusted archive uploads. …


Vendor Status

Debian, package libarchive:

Release               Status      Fixed Version       Urgency
bullseye              vulnerable  3.4.3-2+deb11u1     -
bullseye (security)   vulnerable  3.4.3-2+deb11u3     -
bookworm              vulnerable  3.6.2-1+deb12u3     -
bookworm (security)   vulnerable  3.6.2-1+deb12u2     -
trixie                vulnerable  3.7.4-4             -
forky, sid            vulnerable  3.8.5-1             -
(unstable)            fixed       (unfixed)           -


EUVD-2026-17073 vulnerability details – vuln.today
