Heap Corruption Vulnerability in GNU C Library by the Free Software Foundation
CVE-2026-0861

8.4HIGH

Key Information:

Vendor: The Gnu C Library
Status: Glibc
Vendor: CVE Published:; 14 January 2026

🔔 Create The Gnu C Library Vulnerability Alert

What is CVE-2026-0861?

The vulnerability arises from passing a value larger than expected to the memalign suite of functions in the GNU C Library versions 2.30 to 2.42. This can lead to an integer overflow, potentially allowing for heap corruption. Such exploitation may enable adversaries to manipulate memory allocation mechanisms, leading to security breaches or system stability issues.

Affected Version(s)

glibc 2.30 <= 2.42

References

https://sourceware.org/bugzilla/show_bug.cgi?id=33796

https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=ad...

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 14, 2026
Vulnerability Reserved
Jan 12, 2026

Credit

Igor Morgenstern, Aisle Research

JSON