VDB
CVE-2026-4046
CVE-2026-4046
PUBLISHED
CVSS 8.699999809265137 HIGH
The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.
EPSS 0.08% · 23.7th percentile
Risk Scores
CVSS v4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.08%
23.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| The GNU C Library | glibc | 2.3.3, 2.3.3 |
| gnu | glibc | 0 |
Timeline
- Mar 30, 2026 CVE Published
- Mar 30, 2026 PoC Published
- Mar 30, 2026 PoC Published
- Mar 30, 2026 PoC Published
- Mar 31, 2026 EPSS Score
- Mar 31, 2026 Security Advisory
- Apr 8, 2026 PoC Published
- Apr 20, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 19, 2026 PoC Published
- May 20, 2026 EPSS Score
References
- https://sourceware.org/bugzilla/show_bug.cgi?id=33980 url
- https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD url
- https://nvd.nist.gov/vuln/detail/CVE-2026-4046 advisory
- https://inbox.sourceware.org/libc-announce/76814edf-cf7f-47ec-979d-2dce0a2c76bf@gotplt.org/T/#u mailing-list