CVE-2026-5121 HIGH

CVE-2026-5121: Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing

Vendor Red Hat
Product Red Hat Enterprise Linux 10
Weakness CWE-190
Published March 30, 2026
Last update June 10, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.

Key dates

02Disclosure timeline

March 30, 2026 CVE published
June 10, 2026 Record updated