CVE-2026-43958
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
A stack-based buffer overflow was found in rrdcached, a component of rrdtool. A local attacker with access to the rrdcached socket can send an oversized CREATE request, causing a denial of service via daemon crash or potentially allowing arbitrary code execution.
Risk Assessment
The risk includes disruption of monitoring services relying on rrdtool and potential loss of data confidentiality and integrity due to arbitrary code execution by a local attacker.
Recommendation
Immediately update rrdtool to a version containing the fix for CVE-2026-43958 and restrict access to the rrdcached socket to trusted users only.
Original NVD description (English source)
A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary code execution, impacting the integrity and confidentiality of data.

