Skip to main content

Libefiboot

1 CVEs product

Monthly

CVE-2026-6862 MEDIUM PATCH This Month

Libefiboot in efivar fails to validate that EFI device path node length fields meet the 4-byte minimum requirement, allowing local users to trigger infinite recursion and stack exhaustion via crafted device paths. The vulnerability requires user interaction but causes denial of service by crashing affected processes, with no privilege escalation or data compromise. No active exploitation has been confirmed at the time of analysis.

Denial Of Service Libefiboot
NVD
CVSS 3.1
5.5
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Libefiboot in efivar fails to validate that EFI device path node length fields meet the 4-byte minimum requirement, allowing local users to trigger infinite recursion and stack exhaustion via crafted device paths. The vulnerability requires user interaction but causes denial of service by crashing affected processes, with no privilege escalation or data compromise. No active exploitation has been confirmed at the time of analysis.

Denial Of Service Libefiboot
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy