What the vulnerability does

01Description

When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system panic, and it may be possible for an unprivileged user to exploit the bug to elevate their privileges.

Key dates

02Disclosure timeline

April 30, 2026 CVE published
May 1, 2026 Record updated