CVE Catalog

CVE-2026-11822

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

2th percentile - higher than 2% of all known CVEs

Summary

SQLite versions before 3.53.2 contain memory corruption vulnerabilities in the FTS5 full-text search extension that can lead to process crashes, memory exhaustion, or arbitrary code execution. Attackers can exploit malformed FTS5 page data in a crafted database.

Risk Assessment

These vulnerabilities can lead to serious security incidents, including unauthorized access to systems and data. Organizations should be aware of the risks associated with using vulnerable versions of SQLite.

Recommendation

It is recommended to upgrade SQLite to version 3.53.2 or later to mitigate these vulnerabilities. Additionally, databases should be monitored and verified for potential attacks.

Original NVD description (English source)

SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database with malformed FTS5 page data. Attackers can trigger an out-of-bounds read in fts5LeafSeek() via an attacker-controlled loop bound and a heap buffer overflow write in fts5ChunkIterate() through a crafted continuation page causing an integer underflow, exploitable when an FTS5 MATCH query is executed against the malicious database.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS