CVE-2026-40200 musl — Exploit & Vulnerability Details HIGH

CVE-2026-40200

HIGH CVSS 3.1: 8.1 EPSS 0.02%

Parameter	Value
CVSS	8.1 (HIGH)
Type	CWE-670
Vendor	musl
Public PoC	No

An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).

Attack Parameters

Attack Vector

Local

Requires local access

Attack Complexity

High

Difficult to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-670

References 3

https://musl.libc.org/releases.html

cve@mitre.org

https://www.openwall.com/lists/oss-security/2026/04/10/13

cve@mitre.org

http://www.openwall.com/lists/oss-security/2026/04/10/13

af854a3a-2127-422b-91ae-364da2661108

Share Post Share Share Share

Menu

CVE-2026-40200

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 3

CVE Details

Editor's Choice

Menu

CVE-2026-40200

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 3

CVE Details

Editor's Choice

Stay informed on cybersecurity