CVE-2026-5450

medium

Published 2026-06-29 · Modified 2026-06-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

5.5

Description

RHSA-2026:33226: glibc security, bug fix, and enhancement update (Moderate)

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width Red Hat statement Because this flaw requires that an affected application call the affected functions with an attacker-supplied value, Red Hat assesses the Attack Complexity of this flaw as High. Additionally, the flaw overflows a single byte onto the heap, so meaningful exploitation requires…

Description

glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

Red Hat statement

Because this flaw requires that an affected application call the affected functions with an attacker-supplied value, Red Hat assesses the Attack Complexity of this flaw as High. Additionally, the flaw overflows a single byte onto the heap, so meaningful exploitation requires that the heap is structured such that a single byte can lead to an attacker-controlled outcome, or that the affected functions can be invoked with an attacker-controlled buffer base address. Regarding Attack Vector and Privileges Required, Red Hat assesses these elements as Local and Low respectively, as remote unauthenticated exploitation would require all the conditions above in a library client that listened on a network port and processed attacker-controllable data with the affected library functions.

CVSS v3: 5.0 (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H)

Errata / fixed releases

Product	Package	Advisory	Released
Red Hat Enterprise Linux 10.0 Extended Update Support	`glibc-0:2.39-46.el10_0.5`	RHSA-2026:33170	2026-06-29T00:00:00Z
Red Hat Enterprise Linux 8	`glibc-0:2.28-251.el8_10.38`	RHSA-2026:33126	2026-06-29T00:00:00Z
Red Hat Enterprise Linux 8	`glibc-0:2.28-251.el8_10.38`	RHSA-2026:33126	2026-06-29T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	`glibc-0:2.28-189.13.el8_6`	RHSA-2026:33227	2026-06-29T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On	`glibc-0:2.28-189.13.el8_6`	RHSA-2026:33227	2026-06-29T00:00:00Z
Red Hat Enterprise Linux 8.8 Telecommunications Update Service	`glibc-0:2.28-225.el8_8.17`	RHSA-2026:33228	2026-06-29T00:00:00Z
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	`glibc-0:2.28-225.el8_8.17`	RHSA-2026:33228	2026-06-29T00:00:00Z
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	`glibc-0:2.34-60.el9_2.20`	RHSA-2026:33231	2026-06-29T00:00:00Z
Red Hat Hardened Images	`glibc-main-2.42-12.hum1`	RHSA-2026:12740	2026-05-01T00:00:00Z

Package state

Product	Package	State
Red Hat Enterprise Linux 10	`glibc`	Affected
Red Hat Enterprise Linux 6	`compat-glibc`	Will not fix
Red Hat Enterprise Linux 6	`glibc`	Affected
Red Hat Enterprise Linux 7	`compat-glibc`	Affected
Red Hat Enterprise Linux 7	`glibc`	Affected
Red Hat Enterprise Linux 9	`glibc`	Affected
Red Hat OpenShift Container Platform 4	`rhcos`	Affected

Apply commands

bash fix

Apply RHSA-2026:33170 for Red Hat Enterprise Linux 10.0 Extended Update Support

yum update -y glibc
# or:
dnf upgrade -y glibc

Affected

Vendor	Product	Version
redhat	Red Hat Enterprise Linux 10	`Affected`
redhat	Red Hat Enterprise Linux 6	`Affected`
redhat	Red Hat Enterprise Linux 7	`Affected`
redhat	Red Hat Enterprise Linux 7	`Affected`
redhat	Red Hat Enterprise Linux 9	`Affected`
redhat	Red Hat OpenShift Container Platform 4	`Affected`

OS impact

SUSE Affected 1 release

Version	Status	Fixed in
—	Affected	—

Debian Mixed 5 releases

Version	Status	Fixed in
trixie	Affected	—
sid	Fixed	`2.42-17`
forky	Fixed	`2.42-17`
bullseye	Affected	—
bookworm	Affected	—

Red Hat Fixed 2 releases

Version	Status	Fixed in
9	Fixed	—
8	Fixed	—

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.