CVE-2026-57918

Name: CVE-2026-57918
Creator: NVD / NIST
Published: 2026-06-26T11:16:31.7+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.1/10

Last modified Jun 26, 2026

This CVE is reserved or awaiting analysis. Details will appear once published by NVD.

Description

libnfs through 6.0.2 before 935b8db has an xid integer underflow in READ_IOVEC in rpc_read_from_socket in lib/socket.c during a connection to a crafted NFS server, when the expected pdu size exceeds the absolute pdu size from the xid/record-marker.

Metrics

CVSS 3.1

7.1/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L

Weakness Enumeration

CWE-191

References

https://github.com/sahlberg/libnfs/commit/935b8db712b3c6649bc57ddc276526c4a31680de

Timeline

Published: Jun 26, 2026
Last Modified: Jun 26, 2026
Status: Awaiting Analysis

Are you affected by CVE-2026-57918?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST