VDB
CVE-2026-41907
CVE-2026-41907
PUBLISHED
CVSS 8.100000381469727 HIGH
uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes (small buf or large offset). This allows silent partial writes into caller-provided buffers. This vulnerability is fixed in 14.0.0.
EPSS 0.01% · 2.8th percentile
Risk Scores
CVSS v4.0
8.100000381469727
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
EPSS Score
0.01%
2.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| uuidjs | uuid | < 14.0.0 |
Timeline
- Apr 22, 2026 CVE Published
- Apr 25, 2026 Security Advisory
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score
- May 27, 2026 EPSS Score