Heap Buffer Overflow Vulnerability in libyang by CESNET
CVE-2026-44673

7.5 HIGH

Key Information:

Vendor: Cesnet

Status
Vendor
CVE Published: 14 May 2026

What is CVE-2026-44673?

The libyang library, used for YANG data modeling, is susceptible to a heap buffer overflow caused by an integer overflow in the function lyb_read_string() in versions before SO 5.2.15. An attacker able to supply specially crafted LYB binary data to a libyang consumer, such as a NETCONF server or sysrepo, may exploit this vulnerability to induce a crash or potentially corrupt heap memory. Left unaddressed, this issue can lead to system instability and unauthorized access. The vulnerability is fixed in version SO 5.2.15. For more information, see the CESNET advisory.
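The bug class described above (a length taken from untrusted binary input, used in size arithmetic that can wrap), shown as a hardened length-prefixed string reader. This is an added example, not libyang's code and not the actual lyb_read_string() fix; the 4-byte little-endian length format, the lp_* names and the 1 MiB cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical format, not the real LYB encoding: 4-byte LE length + bytes. */
enum lp_status { LP_OK = 0, LP_TRUNCATED = -1, LP_TOO_LONG = -2, LP_NOMEM = -3 };
#define LP_MAX_STRING (1u << 20) /* assumed per-string allocation cap */

/* Reads one string at *off; on LP_OK, *out is a NUL-terminated heap copy. */
static int lp_read_string(const uint8_t *buf, size_t buf_len, size_t *off, char **out)
{
    *out = NULL;
    /* Bound by subtraction; "*off + 4" could itself wrap. */
    if (*off > buf_len || buf_len - *off < 4)
        return LP_TRUNCATED;
    const uint8_t *p = buf + *off;
    uint32_t len = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                   (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    size_t remaining = buf_len - *off - 4;

    /* Validate len before any arithmetic on it: with len == UINT32_MAX a
     * 32-bit "len + 1" is 0, so the buffer would be tiny and the copy huge. */
    if (len > LP_MAX_STRING)
        return LP_TOO_LONG;
    if (len > remaining)
        return LP_TRUNCATED;
    char *s = malloc((size_t)len + 1); /* cannot wrap: len <= LP_MAX_STRING */
    if (s == NULL)
        return LP_NOMEM;
    memcpy(s, p + 4, len);
    s[len] = '\0';
    *off += 4 + (size_t)len;
    *out = s;
    return LP_OK;
}

/* Constructed sample inputs. */
static const uint8_t lp_good[]  = { 3, 0, 0, 0, 'e', 't', 'h' };
static const uint8_t lp_wrap[]  = { 0xff, 0xff, 0xff, 0xff, 'A' }; /* len = UINT32_MAX */
static const uint8_t lp_short[] = { 8, 0, 0, 0, 'a', 'b' };        /* claims 8, has 2 */

int main(void)
{
    size_t off = 0; char *s = NULL;
    int a = lp_read_string(lp_good, sizeof lp_good, &off, &s); free(s); off = 0;
    int b = lp_read_string(lp_wrap, sizeof lp_wrap, &off, &s); off = 0;
    int c = lp_read_string(lp_short, sizeof lp_short, &off, &s);
    return (a == LP_OK && b == LP_TOO_LONG && c == LP_TRUNCATED) ? 0 : 1;
}
```

Rejected inputs leave *off unchanged and *out NULL, so a caller can stop parsing without touching a partially filled buffer.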

Affected Version(s)

libyang < SO 5.2.15

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved