CVE-2026-6846 | THREATINT

Description

A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable.

PUBLISHED Reserved 2026-04-22 | Published 2026-04-22 | Updated 2026-04-23 | Assigner redhat

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

Heap-based Buffer Overflow

Product status

Default status

unaffected

Default status

unaffected

Default status

affected

Default status

affected

Default status

affected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

affected

Default status

unaffected

Default status

affected

Default status

affected

Default status

affected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Timeline

2026-04-08:	Reported to Red Hat.
2026-04-08:	Made public.

Credits

Red Hat would like to thank Takao Sato for reporting this issue.

References

access.redhat.com/security/cve/CVE-2026-6846 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2460006 (RHBZ#2460006) issue-tracking

cve.org (CVE-2026-6846)

nvd.nist.gov (CVE-2026-6846)

Download JSON