CVE-2026-5450

CVE-2026-5450: scanf %mc off-by-one heap buffer overflow

Vendor The Gnu C Library
Product glibc
Weakness CWE-122
Published April 20, 2026
Last update April 21, 2026

CVSS base score

What the vulnerability does

01Description

Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.

Key dates

02Disclosure timeline

April 20, 2026 CVE published
April 21, 2026 Record updated