Buffer Overflow Vulnerability in GNU C Library Affecting Legacy NIS Functionality
CVE-2026-5358
Currently unrated
What is CVE-2026-5358?
The obsolete nis_local_principal function in the GNU C Library contains a buffer overflow. An attacker can craft a malicious response to a UDP request and potentially overwrite static data in the application that initiated the request. Because NIS support has been deprecated in the GNU C Library since version 2.26, it is strongly recommended that applications transition to modern identity and access management solutions.
Affected Version(s)
glibc: from 0 through 2.43 (inclusive)
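
To find applications that still call the affected function, each binary's dynamic symbol table can be checked for an import of nis_local_principal. The script below is an added example, not code from glibc or from this advisory; it handles only 64-bit little-endian ELF files, and the helper names imports_symbol and scan are hypothetical.

```python
import struct
import sys

SYMBOL = b"nis_local_principal"  # function named in the advisory
SHT_DYNSYM = 11                  # ELF section type of the dynamic symbol table

def _section(data, shoff, shentsize, idx):
    """Return (type, offset, size, link) of ELF64 section header `idx`."""
    base = shoff + idx * shentsize
    (sh_type,) = struct.unpack_from("<I", data, base + 4)
    sh_offset, sh_size, sh_link = struct.unpack_from("<QQI", data, base + 24)
    return sh_type, sh_offset, sh_size, sh_link

def imports_symbol(data, symbol=SYMBOL):
    """True if a 64-bit little-endian ELF image imports `symbol`."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        return False  # other ELF classes are out of scope for this example
    (shoff,) = struct.unpack_from("<Q", data, 0x28)
    shentsize, shnum = struct.unpack_from("<HH", data, 0x3A)
    try:
        for i in range(shnum):
            sh_type, off, size, link = _section(data, shoff, shentsize, i)
            if sh_type != SHT_DYNSYM:
                continue
            _, stroff, strsize, _ = _section(data, shoff, shentsize, link)
            strtab = data[stroff:stroff + strsize]
            for sym in range(off, off + size, 24):  # 24-byte Elf64_Sym entries
                st_name, _, _, st_shndx = struct.unpack_from("<IBBH", data, sym)
                name = strtab[st_name:].split(b"\0", 1)[0]
                if st_shndx == 0 and name == symbol:  # 0 = SHN_UNDEF (imported)
                    return True
    except struct.error:
        return False  # truncated or malformed headers
    return False

def scan(paths):
    """Return the subset of `paths` whose ELF image imports SYMBOL."""
    hits = []
    for path in paths:
        try:
            with open(path, "rb") as fh:
                if imports_symbol(fh.read()):
                    hits.append(path)
        except OSError:
            continue  # unreadable file: skip
    return hits

if __name__ == "__main__":
    print("\n".join(scan(sys.argv[1:])))
```

Pass the files to check as arguments; each path printed imports the function. Statically linked binaries carry no dynamic import and are not detected by this check.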
