Out-of-bounds Write
CVE-2026-41907
Summary
uuid is for the creation of RFC 9562 (formerly RFC 4122) UUIDs. In versions 11.0.0 prior to 11.1.1, 12.0.0 prior to 12.0.1, and 13.0.0 prior to 13.0.1, the v3, v5, and v6 functions accept external output buffers but do not reject out-of-range writes (a buffer that is too small or an offset that is too large). This allows silent partial writes into caller-provided buffers. This vulnerability is fixed in 11.1.1, 12.0.1, 13.0.1, and 14.0.0.
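The failure mode described above, as an added example that is not the uuid package's own code: a stand-in 16-byte writer shows how a `Uint8Array` silently drops out-of-range index writes, next to a caller-side bounds check that can be run before passing a buffer and offset to an unpatched version. The function names, the sample bytes, and the assumption that the output buffer is a `Uint8Array` (or Node `Buffer`) are all hypothetical.

```javascript
// Added example: stand-in code, not the uuid package's source.
// Constructed sample data standing in for 16 generated UUID bytes.
const SAMPLE_UUID_BYTES = Uint8Array.from({ length: 16 }, (_, i) => 0xa0 + i);

// Unchecked copy: no validation of buf or offset before writing.
// Index writes past the end of a typed array are ignored without an error,
// so the caller is left with a truncated UUID and no signal.
function writeUnchecked(bytes, buf, offset = 0) {
  for (let i = 0; i < 16; i++) {
    buf[offset + i] = bytes[i];
  }
  return buf;
}

// Caller-side guard (hypothetical helper): reject any buffer/offset pair
// that cannot hold all 16 bytes of a UUID.
function assertUuidFits(buf, offset = 0) {
  if (!(buf instanceof Uint8Array)) {
    throw new TypeError('output buffer must be a Uint8Array or Buffer');
  }
  if (!Number.isInteger(offset) || offset < 0 || offset + 16 > buf.length) {
    throw new RangeError(
      `UUID byte range ${offset}:${offset + 15} is out of buffer bounds`
    );
  }
}

// Checked copy: validate first, then write.
function writeChecked(bytes, buf, offset = 0) {
  assertUuidFits(buf, offset);
  return writeUnchecked(bytes, buf, offset);
}

// Count how many of the 16 UUID bytes actually landed in buf at offset.
function bytesWritten(bytes, buf, offset = 0) {
  let n = 0;
  for (let i = 0; i < 16; i++) {
    if (buf[offset + i] === bytes[i]) n++;
  }
  return n;
}
```

With an 8-byte buffer at offset 0, or a 16-byte buffer at offset 10, `writeUnchecked` returns normally after storing only 8 or 6 bytes, while `writeChecked` throws a `RangeError` for both.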
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- NONE
- NONE
CWE-787 - Out-of-Bounds Write
Out-of-bounds write vulnerability is a memory access bug that allows software to write data past the end or before the beginning of the intended buffer. This may result in the corruption of data, a crash, or arbitrary code execution.
Advisory Timeline
- Published