CVE-2026-53689

7.1HIGH

Key Information:

Vendor: Sahlberg
Status: Libnfs
Vendor: CVE Published:; 10 June 2026

What is CVE-2026-53689?

libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This occurs in libnfs_zdr_string in lib/libnfs-zdr.c.

Affected Version(s)

libnfs 0 < 55c18ea33a83d667f79f0ef209c96895795c729f

References

https://github.com/sahlberg/libnfs/commit/55c18ea33a83d66...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2026
Vulnerability Reserved
Jun 10, 2026

CVE-2026-53689 Data

JSON

Sahlberg

What is CVE-2026-53689?

Affected Version(s)

References

CVSS V3.1

Timeline