CVE-2026-5121 — Vulnetix

CVE-2026-5121 PUBLISHED CVSS 7.5 HIGH

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.

EPSS 0.06% · 20.3th percentile

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.06%

20.3th percentile

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat Enterprise Linux 9.6 Extended Update Support	0:3.5.3-7.el9_6.1
Red Hat	Red Hat Enterprise Linux 10
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	0:3.3.3-6.el8_6.1
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	*
Red Hat	Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	0:3.3.3-5.el8_8.2
Red Hat	Red Hat Update Infrastructure 5	1777454300
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	0:3.5.3-2.el9_0.4
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	0:3.3.3-6.el8_6.1
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	0:3.5.3-5.el9_2.2
Red Hat	Red Hat OpenShift Container Platform 4
Red Hat	Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	0:3.3.3-1.el8_4.2
Red Hat	Red Hat Update Infrastructure 5	1776868744
Red Hat	Red Hat Hardened Images	3.8.7-1.hum1
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	0:3.5.3-5.el9_4
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	0:3.3.3-1.el8_4.2
redhat	hardened_images
Red Hat	Red Hat OpenShift Container Platform 4.16	416.94.202604211449-0
redhat	enterprise_linux	6.0, 7.0, 8.0
Red Hat	Red Hat Update Infrastructure 5	1776868842
Red Hat	Red Hat Enterprise Linux 9	0:3.5.3-9.el9_7, *

…and 13 more

Exploit Intelligence

CIRCL seen: CVE-2026-5121 (circl-sighting)
CIRCL published-proof-of-concept: CVE-2026-5121 (circl-sighting)
CIRCL seen: CVE-2026-5121 (circl-sighting)
CIRCL seen: CVE-2026-5121 (circl-sighting)
RHSA-2026:8867 (circl)
RHSA-2026:8908 (circl)
RHSA-2026:8517 (circl)
RHSA-2026:8521 (circl)
RHSA-2026:8534 (circl)
RHSA-2026:8864 (circl)

…and 36 more exploits

Timeline

Mar 30, 2026 EPSS Score
Mar 30, 2026 CVE Published
Mar 30, 2026 Security Advisory
Mar 30, 2026 PoC Published
Mar 31, 2026 PoC Published
Mar 31, 2026 PoC Published
Apr 5, 2026 PoC Published
Apr 16, 2026 Distribution Patch
Apr 16, 2026 Security Advisory
Apr 17, 2026 Distribution Patch
Apr 17, 2026 Security Advisory
Apr 17, 2026 Distribution Patch

References

https://access.redhat.com/security/cve/CVE-2026-5121 vdb
https://github.com/libarchive/libarchive/pull/2934 url
https://nvd.nist.gov/vuln/detail/CVE-2026-5121 advisory
RHSA-2026:10065 vendor-advisory
RHSA-2026:10097 vendor-advisory
RHSA-2026:11768 vendor-advisory
RHSA-2026:8510 vendor-advisory
RHSA-2026:8517 vendor-advisory
RHSA-2026:8521 vendor-advisory
RHSA-2026:8534 vendor-advisory
RHSA-2026:8864 vendor-advisory
RHSA-2026:8866 vendor-advisory
RHSA-2026:8867 vendor-advisory
RHSA-2026:8873 vendor-advisory
RHSA-2026:8908 vendor-advisory
RHSA-2026:8944 vendor-advisory
RHSA-2026:9026 vendor-advisory
RHSA-2026:9592 vendor-advisory
RHSA-2026:9832 vendor-advisory
RHBZ#2452945 issue

…and 46 more

Open in Interactive Console →