Skip to main content

Musl EUVDEUVD-2026-21496

| CVE-2026-40200 HIGH
Always-Incorrect Control Flow Implementation (CWE-670)
2026-04-10 mitre
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Red Hat
7.8 HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Re-analysis Queued
Apr 27, 2026 - 19:22 vuln.today
cvss_changed
EUVD ID Assigned
Apr 10, 2026 - 16:30 euvd
EUVD-2026-21496
Analysis Generated
Apr 10, 2026 - 16:30 vuln.today
CVE Published
Apr 10, 2026 - 00:00 nvd
HIGH 8.1

DescriptionCVE.org

An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).

AnalysisAI

Stack-based buffer overflow in musl libc 0.7.10 through 1.2.6 allows local attackers with high complexity requirements to corrupt memory during qsort operations on exceptionally large arrays (exceeding ~7 million elements on 32-bit systems, corresponding to the 32nd Leonardo number). Exploitation requires sorting arrays approaching billion-element scale on 64-bit platforms. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Create application using musl libc
Exploit
Trigger qsort with >7 million array elements
Execution
Corrupt stack via double-word primitives
Impact
Execute arbitrary code with elevated privileges

Vulnerability AssessmentAI

Exploitation Local attacker or application must call qsort() on arrays exceeding ~7 million elements on 32-bit systems or ~64-bit Leonardo numbers on 64-bit systems. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 8.1 reflects severe impact (confidentiality, integrity, availability) via local unauthenticated access on high-complexity conditions. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario Attacker with local system access crafts application invoking qsort() on artificially inflated dataset (>7M elements), triggering stack corruption in musl's double-word primitives. Overflow overwrites stack canaries and return addresses, achieving arbitrary code execution. …
Remediation Monitor musl libc project release page (https://musl.libc.org/releases.html) for patched versions addressing this qsort vulnerability. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all systems and containers running musl libc versions 0.7.10-1.2.6 (check ldd --version or musl-libc --version; identify Alpine Linux, BusyBox-based images, and embedded Linux deployments). …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

Share

EUVD-2026-21496 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy