Denial of Service Vulnerabilities in binutils readelf Utility
CVE-2026-6844
5.5 MEDIUM
What is CVE-2026-6844?
The readelf utility of the binutils package contains flaws that local attackers can exploit using specially crafted Executable and Linkable Format (ELF) files. One issue is resource exhaustion, which can cause an out-of-memory condition; the other is a null pointer dereference, which may result in a segmentation fault. Either issue can leave readelf unresponsive or crash it, resulting in a Denial of Service.
CVSS V3.1
Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank Samuel Kariri Kamau for reporting this issue.