CVE-2026-48863
A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length ha
CVSS
7.5
High
EPSS
0.8%
p52
KEV
—
Exploit Today
16
0-100
Published: Jul 16, 2026 · Last modified: Jul 16, 2026 · CWE-121
Not enough EPSS history yet.
A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processing this crafted signature could lead to a denial of service in automated package or repository processing workflows.
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-48863
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2460975
- github.comhttps://github.com/openSUSE/libsolv/commit/44f8c085045b1f771641091bbb2b810d12cff9e8#diff-309f245ec9b669ec78b8159c39e6f50130b4d4a0448f742685f7833d04bc4caaR592
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-48863
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2460975
- security.access.redhat.comhttps://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48863.json
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2025-510878.6 HIG94.0%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow.13dCVE-2025-510885.3 MED92.6%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/WifiGuestSet. The manipulation of the argument `shareSpeed` leads to stack-based buffer overflow.13dCVE-2025-510855.3 MED92.6%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/SetSysTimeCfg. The manipulation of the argument `timeZone` and `timeType` leads to stack-based buffer overflow.13dCVE-2025-606908.8 HIG89.1%
——27A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to four user-supplied CGI parameters matching <parameter>_0~3 into a fixed-size buffer (a2) without bounds checking. Remote attackers can exploit this vulnerability via specially crafted HTTP requests to execute arbitrary code or cause denial of service without authentication.13dCVE-2026-248818.1 HIG75.2%
——23In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.3dCVE-2026-503877.8 HIG75.0%
——22Stack-based buffer overflow in Windows GDI allows an authorized attacker to elevate privileges locally.1d