CVE Catalog

CVE-2026-38640

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.45%

36th percentile — higher than 36% of all known CVEs

Summary

A reachable unwrap in the __assert_fail function of relibc (commit 61f42d) allows attackers to cause a Denial of Service (DoS) via a crafted string.

Risk Assessment

An attacker can remotely crash applications using the vulnerable version of relibc, leading to service disruption and potential financial or operational losses.

Recommendation

Update relibc to a version containing the fix for commit 61f42d or apply a patch to prevent uncontrolled unwrap in the __assert_fail function.

Original NVD description (English source)

A reachable unwrap in the __assert_fail function (/assert/mod.rs) of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a crafted string.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS