cvedb.io
CVE-2026-6846
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2026-04-22T09:16:27.607 · Last modified 2026-07-01T13:17:51.770

Summary

A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable.

Affected products

gnu — binutils

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.