VDB

CVE-2026-4438

CVE-2026-4438 PUBLISHED CVSS 5.400000095367432 MEDIUM

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.

EPSS 0.07% · 20.6th percentile

Risk Scores

CVSS 3.1
5.400000095367432
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS Score
0.07%
20.6th percentile

Affected Products

VendorProductVersions
gnuglibc2.34
The GNU C Libraryglibc2.34, 2.34

Exploit Intelligence

…and 9 more exploits

Timeline

  • Mar 20, 2026 PoC Published
  • Mar 20, 2026 CVE Published
  • Mar 21, 2026 EPSS Score
  • Mar 22, 2026 EPSS Score
  • Mar 22, 2026 Coalition ESS Score
  • Mar 23, 2026 EPSS Score
  • Mar 23, 2026 Coalition ESS Score
  • Mar 23, 2026 CVE Updated
  • Mar 24, 2026 EPSS Score
  • Mar 24, 2026 Coalition ESS Score
  • Mar 25, 2026 EPSS Score
  • Mar 25, 2026 Coalition ESS Score

References

…and 59 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›