Security Flaw in musl libc Affects GB18030 4-byte Decoder Function
CVE-2026-6042

4.8MEDIUM

Key Information:

Vendor: Musl
Status: Libc
Vendor: CVE Published:; 10 April 2026

What is CVE-2026-6042?

A flaw has been identified in the GB18030 4-byte Decoder function within musl libc, specifically in the iconv implementation located in src/locale/iconv.c. This vulnerability manifests as inefficient algorithmic complexity that can be exploited through localized interactions. Attackers can manipulate this flaw to degrade performance and potentially disrupt user operations. To mitigate the risks associated with this vulnerability, it is essential to apply the recommended patches promptly.

Affected Version(s)

libc 1.2.0

libc 1.2.1

libc 1.2.2

References

https://vuldb.com/vuln/356620

vdb-entrytechnical-description

https://vuldb.com/vuln/356620/cti

signaturepermissions-required

https://vuldb.com/submit/796352

third-party-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2026
Vulnerability Reserved
Apr 9, 2026

Credit

0x001 (VulDB User)

CVE-2026-6042 Data

JSON

Musl

What is CVE-2026-6042?

Affected Version(s)

References

CVSS V4

Timeline

Credit