Out-of-Bounds Read Vulnerability in Sleuth Kit's APFS Filesystem Keybag Parser
CVE-2026-40025

4.8MEDIUM

Key Information:

Vendor: Sleuthkit
Status: Sleuthkit
Vendor: CVE Published:; 8 April 2026

What is CVE-2026-40025?

The Sleuth Kit, up to version 4.14.0, is vulnerable to an out-of-bounds read issue in its APFS filesystem keybag parser. This vulnerability arises when the wrapped_key_parser class processes attacker-controlled length fields without adequate bounds checking. Consequently, this flaw allows for heap reads beyond the allocated buffer. An attacker can exploit this vulnerability by creating a malicious APFS disk image, potentially leading to information disclosure or causing crashes during the processing of APFS volumes by Sleuth Kit tools.

Affected Version(s)

sleuthkit 0 <= 4.14.0

sleuthkit 8b9c9e7d493bd68624f3b1a3963edd45c3ff7611

References

https://github.com/sleuthkit/sleuthkit/pull/3444

product

https://github.com/sleuthkit/sleuthkit/commit/8b9c9e7d493...

patch

https://mobasi.ai/sentinel

vendor-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2026
Vulnerability Reserved
Apr 8, 2026

Credit

Mobasi Security Team

CVE-2026-40025 Data

JSON