CVE-2026-40025 MEDIUM

CVE-2026-40025: Sleuth Kit APFS Keybag Parser Out-of-Bounds Read

Vendor Sleuthkit
Product sleuthkit
Weakness CWE-125
Published April 8, 2026
Last update April 9, 2026

CVSS base score

4.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrapped_key_parser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS disk image that triggers information disclosure or crashes when processed by any Sleuth Kit tool that parses APFS volumes.

Key dates

02Disclosure timeline

April 8, 2026 CVE published
April 9, 2026 Record updated