Heap Buffer Overflow in libsolv Affects Multiple Products
CVE-2026-48864

7.8 HIGH

What is CVE-2026-48864?

A heap buffer overflow vulnerability has been identified in libsolv, in the code that handles compressed data in .solv files. The flaw arises from inadequate input validation, so an attacker can craft a malicious .solv file that triggers it. When such a file is processed by an application using a vulnerable version of libsolv, it can lead to out-of-bounds memory access. This can expose sensitive information, alter the normal execution flow of the application, or cause denial of service.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was found by AISLE in partnership with Red Hat.