Integer Underflow in libnfs Affects NFS Connections
CVE-2026-57918

7.1 HIGH

Key Information:

Vendor: Sahlberg

Status
Vendor
CVE Published: 26 June 2026

What is CVE-2026-57918?

The libnfs library, used for network file system (NFS) connections, is susceptible to an integer underflow in its READ_IOVEC function. The vulnerability is triggered when a client connects to a specially crafted NFS server, leading to potential disruptions or unauthorized actions. The flaw arises when the expected Protocol Data Unit (PDU) size exceeds the absolute PDU size derived from the xid/record-marker, which may compromise the stability and security of NFS communications.
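The following is an added illustration of this bug class, not libnfs code. The function names (`record_len`, `remaining_unchecked`, `remaining_checked`) are hypothetical and the sample values are constructed. It shows how an unsigned subtraction wraps when the expected size exceeds the size taken from the RPC record marker, and the bounds check that rejects such a record.

```c
#include <stdint.h>
#include <stdio.h>

/* RPC-over-TCP record marker (RFC 5531): top bit flags the last
 * fragment, the low 31 bits carry the fragment length. */
static uint32_t record_len(const uint8_t m[4])
{
    uint32_t v = ((uint32_t)m[0] << 24) | ((uint32_t)m[1] << 16) |
                 ((uint32_t)m[2] << 8) | (uint32_t)m[3];
    return v & 0x7fffffffu;
}

/* Unchecked pattern: bytes left in the PDU after the part the client
 * expects. If expected > pdu_size the unsigned subtraction wraps to a
 * huge value that later code may treat as a valid length. */
static uint32_t remaining_unchecked(uint32_t pdu_size, uint32_t expected)
{
    return pdu_size - expected;
}

/* Checked pattern: compare first, reject the record instead of wrapping. */
static int remaining_checked(uint32_t pdu_size, uint32_t expected,
                             uint32_t *out)
{
    if (expected > pdu_size)
        return -1;              /* server-supplied sizes are inconsistent */
    *out = pdu_size - expected;
    return 0;
}

int main(void)
{
    /* Constructed sample: marker announcing a 24-byte last fragment. */
    const uint8_t marker[4] = { 0x80, 0x00, 0x00, 0x18 };
    uint32_t pdu_size = record_len(marker);
    uint32_t expected = 4096;   /* constructed: size the client expects */
    uint32_t left = 0;

    printf("pdu_size=%u expected=%u\n", pdu_size, expected);
    printf("unchecked remaining=%u\n",
           remaining_unchecked(pdu_size, expected));
    if (remaining_checked(pdu_size, expected, &left) < 0)
        printf("checked: record rejected\n");
    return 0;
}
```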

Affected Version(s)

libnfs 0 < 935b8db712b3c6649bc57ddc276526c4a31680de

References

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
