Always-Incorrect Control Flow Implementation in uuid

CVE-2026-41988

uuid

Low

3.2/10

Summary

uuid prior to 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue.

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: LOW
Scope: CHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-670 - Always-Incorrect Control Flow Implementation

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

References

Advisory

Advisory Timeline

Published Apr 23, 2026

Always-Incorrect Control Flow Implementation in uuid

CVE-2026-41988

Summary

CWE-670 - Always-Incorrect Control Flow Implementation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS