CVE-2026-41988

LOW

3.2

Description

uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue.

Details CVE

Score CVSS v3.13.2

SeveriteLOW

Vecteur CVSSCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Vecteur d'attaqueLOCAL

ComplexiteHIGH

Privileges requisNONE

Interaction utilisateurNONE

Publie4/23/2026

Derniere modification4/24/2026

Sourcenvd

Observations honeypot0

Faiblesses (CWE)

CWE-670

References

https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34(cve@mitre.org)

https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq(cve@mitre.org)

https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.