CVE-2026-13574
Last modified
CVE-2026-13574 is a low-severity vulnerability rated 3.3/10 on the CVSS scale. A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. EPSS estimates a 0.12% chance of exploitation in the next 30 days.
Description
A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. There are still doubts about whether this vulnerability truly exists. The LLVM project explains, that the reported behavior is outside its documented security scope and therefore not considered a security vulnerability.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| llvm | llvm-project | 22.1.0; 22.1.1; 22.1.2; 22.1.3; 22.1.4; 22.1.5; 22.1.6 |
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2026-13574?
How severe is CVE-2026-13574?
How do I fix CVE-2026-13574?
Related CVEs from 2026
- CVE-2026-13569A security vulnerability has been detected in weng-xianhu Ey…4.7
- CVE-2026-1357The Migration, Backup, Staging – WPvivid Backup & Migration …9.8
- CVE-2026-13570A vulnerability was detected in SourceCodester Inventory Man…3.5
- CVE-2026-13571A flaw has been found in SourceCodester Simple Food Ordering…5.5
- CVE-2026-13572A vulnerability has been found in itsourcecode Hospital Mana…6.3
- CVE-2026-13573A vulnerability was found in llvm llvm-project up to 22.1.6.…3.3
- CVE-2026-13578A security flaw has been discovered in itsourcecode Hospital…6.3
- CVE-2026-13579A weakness has been identified in itsourcecode Hospital Mana…6.3
- CVE-2026-1358Airleader Master versions 6.381 and prior allow for file upl…9.8
- CVE-2026-13580A security vulnerability has been detected in Edimax EW-7478…8.8
- CVE-2026-13581A vulnerability was detected in Edimax EW-7478APC 1.04. This…6.3
- CVE-2026-13582A flaw has been found in Edimax EW-7478APC 1.04. This issue …8.8
Are you affected by CVE-2026-13574?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
