Integer Overflow Vulnerability in GNU Wget Affected by Malicious Headers
CVE-2026-58470

6.9MEDIUM

Key Information:

Vendor

Gnuwget

Status
Vendor
CVE Published:
7 July 2026

What is CVE-2026-58470?

GNU Wget, a widely used command-line utility for downloading files, is susceptible to an integer overflow vulnerability. This issue arises within the parse_content_range() function in the source file src/http.c, where incorrect handling of Content-Range headers can lead to signed integer arithmetic overflow. Attackers who manipulate these headers can instigate undefined behavior in the Wget client, which may allow them to exploit the application further. The vulnerability is patched in version 1.25.1, and users are advised to update to mitigate any risks associated with this flaw.

Affected Version(s)

wget 0 <= 1.25.0

wget 0 <= 1.25.0

wget 43d3ba9336bc94937e6fae2365c6ffd30c34ffcf

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tristan Madani
.