Buffer Overflow Vulnerability in Gawk Affecting GNU Software
CVE-2026-40553

5.1MEDIUM

Key Information:

Vendor

Gnu

Status
Vendor
CVE Published:
13 July 2026

What is CVE-2026-40553?

A buffer overflow vulnerability has been identified in the 'extension/readdir.c' file of the Gawk program, specifically within the ftype() routine. This flaw has the potential to crash the application and may allow for code execution, although successful exploitation for the latter has not been confirmed. The issue affects Gawk versions 5.4.0 and earlier, emphasizing the importance of upgrading to mitigate risks.

Affected Version(s)

gawk 0 <= 5.4.0

References

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Michał Majchrowicz (AFINE)
Marcin Wyczechowski (AFINE)
.