Integer Overflow Vulnerability in libarchive Affecting 32-bit Systems
CVE-2026-5121

9.8CRITICAL

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 30 March 2026

What is CVE-2026-5121?

An integer overflow vulnerability has been identified in libarchive specifically affecting 32-bit systems. This flaw resides in the zisofs block pointer allocation logic, allowing a remote attacker to exploit it by delivering a crafted ISO9660 image. Successful exploitation can lead to a heap buffer overflow, potentially enabling arbitrary code execution on the compromised system. It is crucial for users of libarchive to apply the necessary updates to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/security/cve/CVE-2026-5121

vdb-entryx_refsource_REDHAT

https://github.com/libarchive/libarchive/pull/2934

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 30, 2026
Vulnerability Reserved
Mar 30, 2026

Credit

Red Hat would like to thank Elhanan Haenel for reporting this issue.

JSON

Red Hat

What is CVE-2026-5121?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.