CVE-2026-40200 — Vulnetix

CVE-2026-40200 PUBLISHED CVSS 8.100000381469727 HIGH

An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).

EPSS 0.02% · 5.8th percentile

Risk Scores

CVSS v3.1

8.100000381469727

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.02%

5.8th percentile

Affected Products

Vendor	Product	Versions
musl-libc	musl	0.7.10, 0.7.10

Timeline

Apr 10, 2026 CVE Published
Apr 10, 2026 PoC Published
Apr 10, 2026 PoC Published
Apr 11, 2026 EPSS Score
Apr 13, 2026 Security Advisory
Apr 14, 2026 CVE Updated
May 18, 2026 EPSS Score
May 19, 2026 EPSS Score
May 20, 2026 EPSS Score
May 21, 2026 EPSS Score
May 22, 2026 EPSS Score
May 23, 2026 EPSS Score

References

https://musl.libc.org/releases.html url
https://www.openwall.com/lists/oss-security/2026/04/10/13 url
http://www.openwall.com/lists/oss-security/2026/04/10/13 url
https://advisory.splunk.com/advisories/SVD-2026-0512 advisory
https://advisory.splunk.com/advisories/SVD-2026-0513 advisory
https://advisory.splunk.com/advisories/SVD-2026-0509 advisory
https://advisory.splunk.com/advisories/SVD-2026-0510 advisory
https://advisory.splunk.com/advisories/SVD-2026-0505 advisory
https://advisory.splunk.com/advisories/SVD-2026-0515 advisory
https://advisory.splunk.com/advisories/SVD-2026-0507 advisory
https://advisory.splunk.com/advisories/SVD-2026-0506 advisory
https://advisory.splunk.com/advisories/SVD-2026-0508 advisory
https://advisory.splunk.com/advisories/SVD-2026-0504 advisory
https://advisory.splunk.com/advisories/SVD-2026-0514 advisory
https://advisory.splunk.com/advisories/SVD-2026-0516 advisory
https://advisory.splunk.com/advisories/SVD-2026-0501 advisory
https://advisory.splunk.com/advisories/SVD-2026-0503 advisory
https://advisory.splunk.com/advisories/SVD-2026-0511 advisory
https://advisory.splunk.com/advisories/SVD-2026-0502 advisory

Open in Interactive Console →