Use After Free Vulnerability in gawk Affects GNU Software
CVE-2026-40467

5.1MEDIUM

Key Information:

Vendor

Gnu

Status
Vendor
CVE Published:
13 July 2026

What is CVE-2026-40467?

A Use After Free vulnerability has been identified in the 'io.c' program file of gawk, specifically within the do_getline_redir() routine. This flaw can potentially lead to unexpected crashes when the software is run. Affected versions include gawk 5.4.0 and earlier, making it crucial for users to assess their systems and apply necessary updates to mitigate the risk associated with this vulnerability.

Affected Version(s)

gawk 0 <= 5.4.0

References

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Michał Majchrowicz (AFINE)
Marcin Wyczechowski (AFINE)
.