CVE-2026-42199 MEDIUM

CVE-2026-42199: Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior

Vendor Becheran
Product grid
Weakness CWE-190
Published May 8, 2026
Last update May 11, 2026

CVSS base score

6.2/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Grid is a data structure grid for rust. From version 0.17.0 to before version 1.0.1, an integer overflow in Grid::expand_rows() can corrupt the relationship between the grid’s logical dimensions and its backing storage. After the internal invariant is broken, the safe API get() may invoke get_unchecked() with an invalid index, resulting in Undefined Behavior. This issue has been patched in version 1.0.1.

Key dates

02Disclosure timeline

May 8, 2026 CVE published
May 11, 2026 Record updated