Out-of-Bounds Read Vulnerability in Sleuth Kit by The Sleuth Kit Team
CVE-2026-40026

4.8 MEDIUM

Key Information:

Vendor: Sleuthkit
Status: Vendor
CVE Published: 8 April 2026

What is CVE-2026-40026?

The Sleuth Kit up to and including version 4.14.0 contains a vulnerability in the ISO9660 filesystem parser, specifically in the parse_susp() function. The function trusts the len_id, len_des, and len_src fields read from the disk image and uses them as memcpy lengths when copying into a stack buffer, without validating them against the amount of SUSP data actually present. An attacker who can supply a crafted ISO image can therefore make the parser read past the end of the SUSP data buffer (an out-of-bounds read). In addition, a zero-length SUSP entry never advances the parser's position, so it can trigger an infinite parsing loop.
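The two checks the description calls for, shown as an added example in C that is not Sleuth Kit's own code: a small walker over a SUSP area that rejects any entry whose length field cannot advance the cursor (the infinite-loop case) and only copies an ER entry's strings after confirming that len_id, len_des and len_src fit inside the entry (the out-of-bounds read case). The entry layout is assumed from the SUSP/RRIP specification (2-byte signature, 1-byte entry length, 1-byte version; an "ER" entry then carries len_id, len_des, len_src and an extension-version byte before the three strings), and all sample byte sequences are constructed for the demonstration rather than taken from a real image.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example (not Sleuth Kit code): bounds-checked walk over an ISO9660
 * SUSP area. Layout assumed from the SUSP/RRIP specification: each entry is
 * [sig:2][len:1][ver:1]...; an "ER" entry continues with len_id, len_des,
 * len_src (one byte each), an ext_ver byte, then id, description, source. */

enum susp_result {
    SUSP_OK            = 0,
    SUSP_ERR_TRUNCATED = -1,  /* header or body runs past the buffer        */
    SUSP_ERR_ZERO_LEN  = -2,  /* length field cannot advance the cursor     */
    SUSP_ERR_BAD_ER    = -3   /* len_id + len_des + len_src exceed the entry */
};

#define ER_FIELD_MAX 255      /* each ER length field is a single byte */

struct er_entry {
    char id[ER_FIELD_MAX + 1];
    char des[ER_FIELD_MAX + 1];
    char src[ER_FIELD_MAX + 1];
};

/* Walks buf[0..buf_len). Returns SUSP_OK with the entry count in *n_entries
 * (and the last ER entry in *er_out when non-NULL), or a negative error code
 * instead of reading past the buffer or spinning on a zero-length entry. */
int walk_susp(const uint8_t *buf, size_t buf_len,
              struct er_entry *er_out, size_t *n_entries)
{
    size_t off = 0, count = 0;

    while (off < buf_len) {
        if (buf_len - off < 4)           /* the 4-byte header must be present */
            return SUSP_ERR_TRUNCATED;

        uint8_t len = buf[off + 2];
        if (len < 4)                     /* len 0 would never move 'off': loop forever */
            return SUSP_ERR_ZERO_LEN;
        if (len > buf_len - off)         /* whole entry must fit what is left */
            return SUSP_ERR_TRUNCATED;

        if (buf[off] == 'E' && buf[off + 1] == 'R') {
            if (len < 8)                 /* sig, len, ver, 3 lengths, ext_ver */
                return SUSP_ERR_BAD_ER;

            uint8_t len_id  = buf[off + 4];
            uint8_t len_des = buf[off + 5];
            uint8_t len_src = buf[off + 6];

            /* Image-supplied lengths are trusted only once they are shown to
             * lie inside this entry; this is the check whose absence lets
             * memcpy read beyond the SUSP buffer. */
            if ((size_t)8 + len_id + len_des + len_src > len)
                return SUSP_ERR_BAD_ER;

            if (er_out) {
                const uint8_t *p = buf + off + 8;
                memcpy(er_out->id, p, len_id);                     er_out->id[len_id]   = '\0';
                memcpy(er_out->des, p + len_id, len_des);          er_out->des[len_des] = '\0';
                memcpy(er_out->src, p + len_id + len_des, len_src); er_out->src[len_src] = '\0';
            }
        }
        off += len;                      /* other signatures (SP, CE, PX, ...) are skipped */
        count++;
    }
    if (n_entries)
        *n_entries = count;
    return SUSP_OK;
}

/* Entry count on success, negative error code otherwise. */
int susp_entry_count(const uint8_t *buf, size_t buf_len)
{
    size_t n = 0;
    int rc = walk_susp(buf, buf_len, NULL, &n);
    return rc == SUSP_OK ? (int)n : rc;
}

/* 1 if the buffer walks cleanly and its ER id equals 'expected'. */
int susp_er_id_is(const uint8_t *buf, size_t buf_len, const char *expected)
{
    struct er_entry er = {{0}};
    return walk_susp(buf, buf_len, &er, NULL) == SUSP_OK && strcmp(er.id, expected) == 0;
}

/* Constructed sample inputs, not taken from any real image. */
static const uint8_t sample_ok[] = {
    'S','P', 7, 1, 0xBE, 0xEF, 0,                 /* SP entry, 7 bytes */
    'E','R', 19, 1, 4, 4, 3, 1,                   /* ER: len_id=4 len_des=4 len_src=3 */
    'R','R','I','P', 'D','E','S','C', 'S','R','C'
};
static const uint8_t sample_bad_er[] = {          /* len_id=200 cannot fit in 19 bytes */
    'E','R', 19, 1, 200, 4, 3, 1,
    'R','R','I','P', 'D','E','S','C', 'S','R','C'
};
static const uint8_t sample_zero_len[]  = { 'E','R', 0, 1 };
static const uint8_t sample_truncated[] = { 'S','P', 7, 1, 0xBE };

int main(void)
{
    struct er_entry er = {{0}};
    size_t n = 0;
    if (walk_susp(sample_ok, sizeof sample_ok, &er, &n) == SUSP_OK)
        printf("ok: %zu entries, ER id=%s des=%s src=%s\n", n, er.id, er.des, er.src);
    printf("bad ER:    %d\n", susp_entry_count(sample_bad_er, sizeof sample_bad_er));
    printf("zero len:  %d\n", susp_entry_count(sample_zero_len, sizeof sample_zero_len));
    printf("truncated: %d\n", susp_entry_count(sample_truncated, sizeof sample_truncated));
    return 0;
}
```

The design point is that every value read from the image (the entry length and the three ER field lengths) is compared against the bytes actually remaining before it is used as a memcpy length or loop increment; a parser that stops with an error on the constructed bad inputs above cannot be driven past its buffer or into an endless loop by the same image.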

Affected Version(s)

sleuthkit: all versions up to and including 4.14.0 (0 <= version <= 4.14.0)

sleuthkit a95b0ac21733b059a517aaefa667a17e1bcbdee1

CVSS V4

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published
  • Vulnerability reserved

Credit

Mobasi Security Team